Adobe has provided security updates for six products. The updates eliminate 46 security gaps, most of which are classified as critical.
Adobe again provided important security updates at Patch Day in June. The manufacturer eliminates 46 security vulnerabilities in six programs, almost all of which it has identified as critical. Illustrator, InDesign, InCopy, Bridge, Animate and RoboHelp are affected. Mat Powell, a security researcher at Trend Micro ZDI, discovered 40 of the 46 vulnerabilities and reported them to Adobe. According to Adobe, none of the vulnerabilities have been used for attacks so far.
The biggest chunk this month is a bundle of 17 vulnerabilities in
illustrator
. Illustrator 2022 up to and including 26.0.2 and Illustrator 2021 up to and including 25.4.5 for Windows and macOS are affected. Adobe identifies 13 vulnerabilities as critical and four as high risk. This can be remedied by updates to Illustrator 2022 26.3.1 and Illustrator 2021 25.4.6.
InDesign
up to and including versions 16.4.1 and 17.2.1 for Windows and macOS has seven critical vulnerabilities (CVE-2022-30658 to -30663, CVE-2022-30665) that Adobe has now closed. All are suitable for injecting and executing arbitrary code (RCE: Remote Code Execution). This can be remedied by updates to the new versions InDesign 16.4.2 and 17.3 for Windows and macOS.
▶The latest security updates
Also in
InCopy
Up to and including versions 16.4.1 and 17.2 for Windows and macOS, Mat Powell has discovered eight RCE vulnerabilities (CVE-2022-30650 to -30657) that Adobe classifies as critical. Here, too, updates to the new versions InDesign 16.4.2 and 17.3 for Windows and macOS are the solution.
Mat Powell is also at Adobe
bridge
found what they were looking for. Versions up to and including 12.0.1 for Windows and macOS have 12 vulnerabilities, of which Adobe identifies 11 as critical. In Bridge 12.0.2 the gaps are filled.
animate
22.0.5 (and older) for Windows and macOS contains a vulnerability classified as critical. An attacker could inject and execute arbitrary code. Adobe provides updates to Animate 2022 22.0.6 and Animate 2021 21.0.11.
Only with that
RoboHelp
Server apparently didn’t bother with Mat Powell. Its version 11 up to update 3 has a vulnerability that Adobe identifies as a medium risk. A user could access areas for which he has no authorization as a result of insufficient or no authorization checks. A hotfix for RoboHelp Server 11 Update 3 is intended to fix this.
The current Adobe Security Bulletins can be found on the manufacturer’s website.
