Updates released by Adobe last week for its Illustrator product patch two vulnerabilities that could lead to arbitrary code execution, but the researcher who found them says exploitation is not easy.
According to Adobe, Illustrator 2021 and 2022 for Windows and macOS are affected by improper input validation and out-of-bounds read vulnerabilities that could lead to malicious code execution.
Adobe assigned the flaws a ‘critical’ severity rating. Based on their CVSS score, the vulnerabilities are ‘high severity’.
However, exploitation is not easy. The issues were reported to Adobe through Trend Micro’s Zero Day Initiative (ZDI) by Tran Van Khang, malware analyst in the services division of Vietnam-based cybersecurity firm VinCSS, a subsidiary of Vingroup.