Adobe released security updates for 15 of its products including Adobe Acrobat and Reader for Windows and macOS to address critical and important vulnerabilities which could lead to arbitrary code execution or worse, in this month’s Patch Tuesday updates.
The patches include critical updates for multiple versions of Adobe Acrobat, Flash Player, Shockwave and InDesign along with “important” and less critical updates for Dreamweaver, Experience Manager Forms, Bridge, XD and other products, according to the Adobe security advisory.
A critical arbitrary code execution vulnerability in Adobe InDesign was caused by unsafe hyperlink processing. To address the flaw, users are recommended to update their software installations via the Creative Cloud desktop app updater, or by navigating to the InDesign Help menu and clicking “Updates.”
Adobe also patched an “important” rated cross-site scripting vulnerability in Adobe Experience Manager Forms that could result in sensitive information disclosure along with other vulnerabilities in Adobe Bridge that could result in remove code execution or information disclosure. Earlier this month Adobe released four “critical” and one “important” vulnerability in Acrobat.