Adobe revealed on Tuesday that the latest updates to its Bridge and Illustrator apps are patching 22 vulnerabilities, including those that have been rated critical.
The update of Adobe Bridge 10.0.4 for Windows and MacOS has patched a total of 17 vulnerabilities. Critical flaws have been identified as stack-based buffer overflow, heap overflow, out-of-bound write, use-after-free, and other memory corruption issues that can lead to arbitrary code execution.
Three of the patched security holes, identified as important out-of-bound read bugs, that lead to disclosure of details.
All vulnerabilities patched in Bridge have been reported to Adobe through Trend Micro’s Zero Day Initiative (ZDI).
In Illustrator, Adobe has patched five crucial memory corruption vulnerabilities that can be exploited for arbitrary code execution. Kushal Arvind Shah of Fortinet’s FortiGuard Labs has been credited with revealing all of these vulnerabilities.
Adobe claims there is no proof that vulnerabilities discovered in Bridge and Illustrator have been exploited in the wild, and although others have been given a critical severity rating, their priority rating is 3, which means that they are unlikely to be exploited.
Now that Flash Player is nearing the end of life and is no longer targeted by malicious actors, vulnerabilities in Adobe’s Acrobat and ColdFusion products are most likely to be exploited in attacks.