Tech

Adobe closes 17 gaps in Illustrator






Adobe has provided security updates for six products. The updates eliminate 46 security gaps, most of which are classified as critical.

Adobe again provided important security updates at Patch Day in June. The manufacturer eliminates 46 security vulnerabilities in six programs, almost all of which it has identified as critical. Illustrator, InDesign, InCopy, Bridge, Animate and RoboHelp are affected. Mat Powell, a security researcher at Trend Micro ZDI, discovered 40 of the 46 vulnerabilities and reported them to Adobe. According to Adobe, none of the vulnerabilities have been used for attacks so far.

The biggest chunk this month is a bundle of 17 vulnerabilities in

illustrator

. Illustrator 2022 up to and including 26.0.2 and Illustrator 2021 up to and including 25.4.5 for Windows and macOS are affected. Adobe identifies 13 vulnerabilities as critical and four as high risk. This can be remedied by updates to Illustrator 2022 26.3.1 and Illustrator 2021 25.4.6.

InDesign

up to and including versions 16.4.1 and 17.2.1 for Windows and macOS has seven critical vulnerabilities (CVE-2022-30658 to -30663, CVE-2022-30665) that Adobe has now closed. All are suitable for injecting and executing arbitrary code (RCE: Remote Code Execution). This can be remedied by updates to the new versions InDesign 16.4.2 and 17.3 for Windows and macOS.

▶The latest security updates

Also in

InCopy

Up to and including versions 16.4.1 and 17.2 for Windows and macOS, Mat Powell has discovered eight RCE vulnerabilities (CVE-2022-30650 to -30657) that Adobe classifies as critical. Here, too, updates to the new versions InDesign 16.4.2 and 17.3 for Windows and macOS are the solution.

Mat Powell is also at Adobe

bridge

found what they were looking for. Versions up to and including 12.0.1 for Windows and macOS have 12 vulnerabilities, of which Adobe identifies 11 as critical. In Bridge 12.0.2 the gaps are filled.

animate

22.0.5 (and older) for Windows and macOS contains a vulnerability classified as critical. An attacker could inject and execute arbitrary code. Adobe provides updates to Animate 2022 22.0.6 and Animate 2021 21.0.11.

Only with that

RoboHelp

Server apparently didn’t bother with Mat Powell. Its version 11 up to update 3 has a vulnerability that Adobe identifies as a medium risk. A user could access areas for which he has no authorization as a result of insufficient or no authorization checks. A hotfix for RoboHelp Server 11 Update 3 is intended to fix this.

The current Adobe Security Bulletins can be found on the manufacturer’s website.

Related Articles

Leave a Reply

Your email address will not be published.

Back to top button