The security bugs could open the doorway for arbitrary code-execution and complete takeover of specific machines.
Adobe has introduced security patches tackling four critical vulnerabilities in Adobe Bridge, along with other critical and vital-rated updates for bugs in Adobe Digital Editions, Adobe Photoshop and RoboHelp.
In all, Adobe mounted 10 security holes in its solutions for the duration of its scheduled April updates, seven of them shown as critical.
Adobe Bridge is a inventive-asset supervisor that can help buyers preview, organize, edit and publish numerous resourceful belongings in a streamlined way. It is made up of the 4 critical bugs as well as two “important” vulnerabilities:
- CVE-2021-21093 and CVE-2021-21092 are critical memory-corruption issues primary to arbitrary code execution
- CVE-2021-21094 and CVE-2021-21095 are critical out-of-bounds generate bugs also foremost to arbitrary code execution
- CVE-2021-21091 is an crucial out-of-bounds read issue that could guide to data disclosure
- And CVE-2021-21096 stems from improper authorization and permits privilege escalation.
Other Adobe Patches for April
Adobe also resolved two critical vulnerabilities in Photoshop, its well-liked photo-editing program (CVE-2021-28548 and CVE-2021-28549). Both of those are buffer-overflow bugs that permit arbitrary code execution.
The firm also patched a closing critical vulnerability in Adobe Digital Editions, CVE-2021-21100, which is a privilege-escalation challenge allowing for an arbitrary file-system write. Digital Editions is Adobe’s e-E book reader software program employed for buying, running and reading e-books, digital newspapers and other digital publications.
And at last, Adobe patched just one significant-rated vulnerability in RoboHelp, which is a platform for authoring technological articles and how-tos. The bug, tracked as CVE-2021-21070, is an uncontrolled research route element that could let privilege escalation.
People can permit vehicle-updates for the bugs by going to Assistance > Examine for Updates.
At any time speculate what goes on in underground cybercrime boards? Locate out on April 21 at 2 p.m. ET during a FREE Threatpost occasion, “Underground Marketplaces: A Tour of the Dark Overall economy.” Gurus will take you on a guided tour of the Dark Web, including what is for sale, how a lot it prices, how hackers get the job done alongside one another and the most current equipment readily available for hackers. Register here for the Wed., April 21 Are living celebration.
Some sections of this report are sourced from: