Code Execution Flaws Haunt Adobe Acrobat Reader, Adobe Commerce

Patch Tuesday: Adobe documents hundreds of bugs across multiple products and warns of code execution, feature bypass risks.

Software maker Adobe on Tuesday flagged critical-severity flaws in multiple product lines, including code execution bugs in Adobe Acrobat Reader and Adobe Commerce.

The bumper Patch Tuesday rollout is headlined by an Acrobat Reader bulletin that documents at least 10 vulnerabilities affecting both Windows and macOS platforms.

According to Adobe, four of the 10 bugs are rated critical with a CVSS severity score of 7.8/10.

“Successful exploitation could lead to arbitrary code execution, memory leak, security feature bypass and application denial-of-service,” the San Jose, Calif. company said, noting that it was not aware of any exploits in the wild for any of the issues.

The company said the Adobe Commerce update should also be treated with the highest priority because of the risk of arbitrary code execution exploits.  Adobe has ...