Adobe released a series of patches that address 102 flaws in 20 of its products, including Adobe Acrobat and Reader, Premiere Pro, InCopy, and other Adobe products. We analyzed these weaknesses and highlighted the most important vulnerabilities that ought to be fixed on priority.
Abode October Patches: Overview
In this monthly rollout, 102 security vulnerabilities have been addressed –
67 CVEs are classified as Arbitrary Code Execution bugs
6 CVEs with Privilege Escalation capabilities
1 CVEs are linked to Arbitrary file system write/read
22 CVEs have Denial of Service capabilities.
None of the bugs fixed this month by Adobe are listed as publicly known or under active attack at the time of release.
Adobe After Effects, Animate, and Bridge received fixes for 9 critical vulnerabilities.
Audition received fixes for 6 critical vulnerabilities.
Premiere Pro and Character Animator received fixes for 3 critical vulnerabilities.
Media Encoder received fixes for 4 critical vulnerabilities.
Adobe Illustrator, InDesign, and Photoshop received fixes for 2 critical vulnerabilities each.
Patches are tagged Priority 2 for Adobe Acrobat and Reader, Connect, Adobe Ops-CLI, Adobe Commerce, Adobe Campaign Standard, Adobe Lightroom Classic, Acrobat and Reader for Android and Adobe XMP Toolkit SDK, while the remaining are labeled as Priority 3.
When analyzed based on CWE classification, we found 48% of CVEs are categorized under the 2021 CWE Top 25 Most Dangerous Software Weaknesses, making the fixes the highest priority for this month.
Table: Adobe October Patches 2021
CISA has issued an alert recommending users to update to the latest versions that bring new enhancements and fixes for some customer-reported issues. In addition to the release of the security patches, Adobe also issued alerts about the most severe flaws in its products. We recommend all Adobe users to add these updates to your “Patch Now” cycle.