Adobe releases patches for critical issues in Acrobat, Reader, ColdFusion

Adobe issued an extensive set of security updates addressing high-risk vulnerabilities across a range of its products, including Acrobat and Reader, ColdFusion, InDesign, InCopy, and Audition.

During its regular Patch Tuesday release cycle, the company detailed 72 unique security vulnerabilities, highlighting 17 severe executable code vulnerabilities within the popular Acrobat and Reader applications that could potentially allow attackers to execute arbitrary code and trigger memory leak problems on systems running unpatched versions of Windows and macOS.

Affected versions of Acrobat are:

For ColdFusion, a web application development platform, Adobe has rectified at least six critical flaws that could be exploited to execute arbitrary code or circumvent security mechanisms, impacting versions on all platforms:

• ColdFusion 2023 Update 5 and earlier versions
• ColdFusion 2021 Update 11 and earlier versions

Additionally, Adobe's comprehensive patch collection addresses vulnerabilities in several other products:

• five in RoboHelp Server related to arbitrary code execution and memory leaks;
• six in Photoshop for arbitrary code execution and memory leaks;
• seven in InDesign associated with denial-of-service and memory leaks; and three in Adobe Bridge that could lead to memory leakage.
• code execution vulnerabilities have been patched in Adobe FrameMaker Publishing Server as well as in Adobe Media Encoder and Adobe Premiere Pro.