Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop

Software maker Adobe on Tuesday released fixes for at least 13 security vulnerabilities in multiple product lines, warning that critical flaws in Adobe Commerce and Photoshop will require immediate attention.

As part of its scheduled batch of Patch Tuesday updates, Adobe documented at least 10 serious flaws in Adobe Commerce and Magento Open Source, a product line often targeted by malicious hackers.

“Successful exploitation could lead to arbitrary code execution, privilege escalation, arbitrary file system read, security feature bypass and application denial-of-service,” Adobe said in a critical-severity advisory.

The company identified the affected software versions as Adobe Commerce (multiple versions including 2.4.7-beta1 and earlier) and Magento Open Source (Multiple versions including 2.4.7-beta1 and earlier.)

Adobe said it was not aware of exploits for any of the documented vulnerabilities.

The San Jose, Calif. firm also released updates to fix a critical-severity flaw in the popular Adobe Photoshop software.  The flaw, tagged as CVE-2023-26370, could be exploited to launch code execution attacks on both Windows and macOS systems.

Adobe said the patches apply to Photoshop 2022 (23.5.5 and earlier versions) and Photoshop 2023 (24.7 and earlier versions). 

Advertisement. Scroll to continue reading.

Adobe’s security response team also released fixes for a pair of vulnerabilities in Adobe Bridge that could lead to memory corruption exploitation.

Related: Adobe Says Critical PDF Reader Zero-Day Being Exploited 

Related: Critical Flaws in Adobe Commerce Software

Related: Patch for Exploited Flaw in Adobe Commerce and Magento Bypassed

Related: Adobe Plugs Critical Security Holes in Illustrator, After Effects Software