Adobe has issued a vast security update targeting 14 products, including Lightroom, Photoshop, and InDesign. Over 80 patches for vulnerabilities, including critical code execution flaws, privilege escalation, denial-of-service, and memory leaks.
In general, Adobe waits to release batch security updates until the second Tuesday of each month in what is known as Patch Tuesday a practice also followed by companies including Microsoft.
But, when the security of users required, vendors may release out-of-band or emergency patches to mitigate the issues.
Adobe After Effects, Audition, Bridge, Character Animator, Prelude, Lightroom Classic, Illustrator, Media Encoder, Premiere Pro, Animate, Premiere Elements, InDesign, XMP Toolkit SDK, and Photoshop have all received new updates.
Notable security updates:
- Photoshop: CVE-2021-42736, CVSS 7.8, buffer overflow leading to arbitrary code execution
- XMP Toolkit SDK: CVE-2021-42529, CVE-2021-42530, CVE-2021-42531 (CVSS 7.8), buffer overflows, arbitrary code execution
- Animate: Nine critical bugs, CVSS 7.8, arbitrary code execution
- Premiere Elements: CVE-2021-40785, CVSS 8.3, NULL Pointer Dereference, memory leaks
- Character Animator: Three Access of Memory Location After End of Buffer flaws, CVSS 7.8, arbitrary code execution
- Media Encoder: CVE-2021-40778, CVSS 8.3, NULL Pointer Dereference, memory leaks
Upgrades to Photoshop and Illustrator along with these updates released to allow web access via URLs, improved masking and filters in Photoshop, the implementation of Frame.io in products, and the planned release of Canvas and Creative Cloud Spaces next year.