Software maker Adobe on Tuesday released patches for at least 28 documented security vulnerabilities in a wide range of products and warned that both Windows and macOS users are exposed to code execution attacks.

The most urgent issue, affecting the widely deployed Acrobat and PDF Reader software, provides cover for two memory corruption vulnerabilities that could be exploited to launch arbitrary code.

A critical-severity bulletin documented the two bugs as CVE-2024-41869 (CVSS base score of 7.8/10) and CVE-2024-45112 (CVSS 8.6/10) and warned that both could be exploited for arbitrary code execution and presents a higher risk due to its potential to escalate privileges. 

The company also pushed out a major Adobe ColdFusion update to fix a critical-severity flaw that exposes businesses to code execution attacks.  The flaw, tagged as CVE-2024-41874, carries a CVSS severity score of 9.8/10 and affects all versions of ColdFusion 2023.

Professional hacking gangs have recently pounced on security issues in Adobe ColdFusion to launch attacks against US government agencies and Adobe has spent the last year applying band-aids to thwart zero-day exploitation.

The San Jose, Calif. company also released fixes for five flaws in Adobe Photoshop (code execution and memory leaks); five separate defects in the Adobe Media Encoder, and a pair of Adobe Audition issues that could also lead to code execution issues.

The company’s Adobe After Effects software also gets a security makeover to cover five documented vulnerabilities while the enterprise-facing Adobe Premiere Pro and Adobe Illustrator also received security patches. 

Related: Adobe ColdFusion Flaw Exploited in Attacks on US Gov Agency 

Related: CISA Warns of Another Exploited Adobe ColdFusion Vulnerability

Related: Adobe Patches Critical Flaws in Enterprise Products

Related: Adobe Calls Attention to Massive Batch of Code Execution Flaws