Quote: Adobe has released security patches tackling four critical vulnerabilities in Adobe Bridge, along with other critical and important-rated updates for bugs in Adobe Digital Editions, Adobe Photoshop and RoboHelp.
In all, Adobe fixed 10 security holes in its products during its scheduled April updates, seven of them listed as critical.
None of the CVEs addressed by Adobe are listed as publicly known or under active attack at the time of release.
“This month, Adobe had four updates for Photoshop, Digital Editions, Bridge, and RoboHelp and all rated as Priority 3,” Chris Goettl, senior director of product management and security at Ivanti, told Threatpost. “The reasoning behind Adobe’s prioritization is because this update resolves vulnerabilities in a product that has historically not been a target for attackers. Adobe recommends administrators install the update at their discretion.”
Goettl noted that this is an aspect of vendor severity ratings that many don’t take into account – if applications are less likely to be targeted by threat actors, Adobe sets the severity of the vulnerability lower, regardless of how severe of a bug it may be. Thus, patching priority should be determined on an organization-by-organization basis.
“While historical evidence reflects Adobe’s assessment accurately, it does not remove all risk,” he noted. “Photoshop has had as many as nine exploited CVEs over the years, the most recent being the CVEs in 2015. Of these four updates, Photoshop is the riskiest.”
Read more: Adobe Patches Slew of Critical Security Bugs in Bridge, Photoshop | Threatpost