{"id":8574,"date":"2021-09-23T04:14:51","date_gmt":"2021-09-23T11:14:51","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&p=8574"},"modified":"2023-03-07T15:04:26","modified_gmt":"2023-03-07T22:04:26","slug":"abode-patches-59-security-vulnerabilities","status":"publish","type":"patch_watch","link":"https:\/\/webdev.securin.xyz\/patch_watch\/abode-patches-59-security-vulnerabilities\/","title":{"rendered":"Abode Patches 59 Security Vulnerabilities"},"content":{"rendered":"
Adobe released a series of patches that address 59 flaws in 15 of its products, including Adobe Acrobat and Reader, Premiere Pro, InCopy, and other Adobe products. We analyzed these weaknesses and highlighted the most important vulnerabilities that ought to be fixed on priority.<\/p>\n
<\/p>\n
In this monthly rollout, 59 security vulnerabilities have been addressed that affect both Windows and macOS.<\/p>\n
32 CVEs are classified as Arbitrary Code Execution bugs<\/p>\n<\/li>\n
2 CVEs with Privilege Escalation capabilities<\/p>\n<\/li>\n
12 CVEs are linked to Arbitrary file system write\/read<\/p>\n<\/li>\n
7 CVEs have Denial of Service capabilities<\/p>\n<\/li>\n
4 CVEs with Memory leak and 3 CVEs are Security feature bypass flaws.<\/p>\n<\/li>\n<\/ul>\n
None of the bugs fixed this month by Adobe are listed as publicly known or under active attack at the time of release.<\/p>\n
We analyzed the latency metrics for the Adobe September patched vulnerabilities and found that the patches were released on the same date of discovery (September 14, 2021) which is ideal.\u00a041% of the CVEs got a second update released in the same month with an average latency of 6 days. These insights help us understand the approximate time that a vendor takes to deliver a fix.<\/p>\n
Meanwhile, NVD has not disclosed any details of the Adobe vulnerabilities that were discovered this month.<\/p>\n
Adobe Acrobat and Reader received fixes for 13 critical vulnerabilities. Adobe Premiere Pro, InCopy, ColdFusion, and Digital Editions received fixes for two critical vulnerabilities each. Adobe InDesign received fixes for 3 critical vulnerabilities. Adobe Premiere Elements received fixes for four critical vulnerabilities. Adobe SVG-Native-Viewer, Creative Cloud Desktop Application, Photoshop, Photoshop Elements, Genuine Service, and Experience Manager received fixes for one critical vulnerability each.<\/p>\n
<\/p>\n
Patches are tagged Priority 2<\/a> for Adobe Acrobat and Reader, ColdFusion, and Experience Manager, while the remaining are labeled Priority 3.<\/a><\/p>\n <\/p>\n When analyzed based on CWE classification, we found 64% of CVEs are categorized under the 2021<\/a> CWE Top 25 Most Dangerous Software Weaknesses<\/a>, making the fixes the highest priority for this month.<\/p>\n <\/p>\nProduct Analysis<\/h2>\n
CWE Analysis<\/h2>\n