Security News > 2021 > October > Adobe’s Surprise Security Bulletin Dominated by Critical Patches
Out of 92 security vulnerabilities, 66 are rated critical in severity, mostly allowing code execution.
Adobe has dropped a mammoth out-of-band security update this week, addressing 92 vulnerabilities across 14 products.
The lion's share of the bugs allow access to a memory location after the end of a buffer, leading to ACE. Also, almost all of the critical problems rate 7.8 on the CVSS vulnerability severity scale, except for one type.
The fixes come two weeks after Adobe released its normal monthly Patch Tuesday patches.
A company spokesperson characterized the release as "Planned" rather than an emergency response - and indeed, Adobe said in its advisories that there's no evidence that any of the bugs are being exploited in the wild.
"While we strive to release regularly scheduled updates on Patch Tuesday, occasionally these regularly scheduled security updates are released on non-Patch Tuesday dates," a company spokesperson told the Register.
News URL
https://threatpost.com/critical-patches-adobe-security-bulletin/175825/
Related news
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Major security audit of critical FreeBSD components now available (source)
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (source)
- Critical security hole in Apache Struts under exploit (source)