Tech

Adobe plugs 22 PDF gaps – including many critical ones






Adobe has provided security updates for four product families. The updates eliminate 27 security vulnerabilities, most of which are classified as critical.

Adobe provided important security updates at Patch Day in July. The manufacturer eliminates 27 security gaps in five programs, almost all of which it has identified as critical. Affected are Acrobat, Acrobat Reader, Photoshop, Character Animator and RoboHelp. According to Adobe, none of the vulnerabilities have been used for attacks so far.

The quarterly updates for the PDF tools Acrobat and Acrobat Reader account for the lion’s share of the fixed security gaps. This month alone, Adobe’s PDF tools account for 22 vulnerabilities, 15 of which the manufacturer classifies as critical. With specially prepared PDF files, an attacker could inject code and execute it with user rights. This can be remedied by updates for the three product generations that are still being maintained (Windows and macOS):

product

vulnerable versions

secured version

AcrobatDC

22.001.20142 and older

22.001.20169

Acrobat ReaderDC

22.001.20142 and older

22.001.20169

Acrobat 2020

20.005.30334 and older

20.005.30362

Acrobat Reader 2020

20.005.30334 and older

20.005.30362

Acrobat 2017

17.012.30229 and older

17.012.30249

Acrobat Reader 2017

17.012.30229 and older

17.012.30249

Adobe has fixed two vulnerabilities in Photoshop, one of which is classified as critical (RCE: Remote Code Execution). Photoshop 2022 up to and including version 23.3.2 and Photoshop 2021 up to and including 22.5.7 are vulnerable, each for Windows and macOS. The security gaps have been closed in the new versions Photoshop 2022 23.4.1 and Photoshop 2021 22.5.8.

▶The latest security updates

Character Animator 2022 up to version 22.4 and Character Animator 2021 up to 4.4.7, each for Windows and macOS, have two critical vulnerabilities (RCE: Remote Code Execution). As a solution to both, Adobe offers an update to Character Animator 2022 22.5, which you can obtain via the Creative Cloud.

RoboHelp up to and including RH2020.0.7 for Windows and macOS contains an XSS (Cross-site Scripting) vulnerability that could be exploited to execute arbitrary code. An update to RoboHelp RH2020.0.8 fixes the problem.

The current Adobe Security Bulletins can be found on the manufacturer’s website.

Related Articles

Leave a Reply

Your email address will not be published.

Back to top button