Adobe released security patches for vulnerabilities in its ColdFusion, After Effects and Digital Editions applications. If exploited, the flaws could enable attackers to view sensitive data, gain escalated privileges, and launch denial-of-service attacks. Each of the bugs were rated important-severity, based on CVSS rankings, marking an extremely low-volume month for Adobe bug fixes.
Overall Adobe patched flaws tied to five CVEs as
part of its regularly scheduled security updates, Tuesday. That number pales in comparison to March, where Adobe patched flaws in an out-of-band update tied to 41 CVEs across its products, 29 of which were critical in severity. In February Adobe patched flaws tied to 42 CVEs in its regularly scheduled updates, 35 of which were critical in severity.
“After several months of heavy and highly critical patches, Adobe is giving us a break of sorts,” said Jay Goodman, strategic product marketing manager, Automox, in a statement. “Although the CVEs are only marked as important, it is still a good cyber hygiene practice to get your applications patched to reduce your risk exposure.”
