Software maker Adobe on Tuesday rolled out a massive batch of security fixes to cover critical-severity flaws in its Acrobat and Reader, ColdFusion, inDesign, inCopy and Audition products.

As part of its scheduled Patch Tuesday updates, Adobe documented 72 distinct security bugs and called special attention to code-execution defects in the widely deployed Adobe Acrobat and Reader software.

In a critical-severity bulletin, Adobe documented at least 17 Acrobat and Reader bugs that expose unpatched Windows and macOS systems to arbitrary code execution and memory leak issues. 

Adobe also issued patches for at least six distinct ColdFusion flaws that could lead to arbitrary code execution and security feature bypass. The ColdFusion issues are flagged as critical and affects versions 2023 and 2021.  

The mega-patch bundle also includes cover for five vulnerabilities in RoboHelp Server (arbitrary code execution and memory leak in the context of the current user); six documented Photoshop bugs (arbitrary code execution and memory leak); seven denial-of-service and memory leak issues in InDesign; and three documented bugs exposing Adobe Bridge users to memory leakage.

The San Jose, Calif. vendor also covered code execution issues in the Adobe FrameMaker Publishing Server and the Adobe Media Encoder and Adobe Premiere Pro.

Adobe said it was not aware of in-the-wild exploits for any of the documented vulnerabilities.

Related: Two New Adobe ColdFusion Vulnerabilities Exploited in Attacks

Related: Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop

Related: CISA Warns of Attacks Exploiting Adobe Acrobat Vulnerability

Related: Adobe Says Critical PDF Reader Zero-Day Being Exploited

https://www.securityweek.com/adobe-patch-tuesday-critical-bugs-in-acrobat-reader-coldfusion/