Patches Released To Address Multiple Vulnerabilities


Adobe security updates for April 2023 are here! This time, the multinational software company has released security updates that address multiple vulnerabilities in its popular software products and services. According to Adobe, attackers can exploit these vulnerabilities to take control of an affected system. 

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following advisories and apply the necessary Adobe Security updates. The following are some of the Adobe products and services that have been affected.

Adobe security updates: Top priority for Adobe products and services

Adobe Digital Editions’ vulnerability

On April 11, 2023, Adobe discovered the Adobe Digital Editions vulnerability, CVE-2023-21582, with a priority rating of 3. The affected products include 4.5.11.187303 and earlier Adobe Digital Editions for Windows versions. This vulnerability falls under the category of an out-of-bounds write (CWE-787), which can lead to arbitrary code execution with a severity rating of critical. Adobe recommends that users update their software installations as soon as possible.

Adobe InCopy vulnerability

The Adobe InCopy vulnerability, CVE-2023-22235, was published on April 11, 2023, with a priority score of 3. This vulnerability is also critical, and successful exploitation can lead to arbitrary code execution. The affected versions include 18.1 and earlier versions for both macOS and Windows operating systems. Adobe recommends that users update their software installations via the Creative Cloud desktop app updater or by navigating to the InCopy Help menu and clicking “Updates.”

Adobe Acrobat and Reader vulnerability

Several vulnerabilities have been discovered in Adobe Acrobat and Reader, with the following CVE numbers: CVE-2023-26395, CVE-2023-26396, CVE-2023-26397, CVE-2023-26405, CVE-2023-26406, CVE-2023-26407, CVE-2023-26408, CVE-2023-26417, CVE-2023-26418, CVE-2023-26419, CVE-2023-26420, CVE-2023-26421, CVE-2023-26422, CVE-2023-26423, CVE-2023-26424, and CVE-2023-26425.

Various security researchers, including Mark Vincent Yason, AbdulAziz Hariri, and Qingyang Chen, discovered these vulnerabilities. Adobe recommends that users update their software installations to the latest versions by choosing Help > Check for Updates. The products will update automatically when updates are detected.

Adobe Substance 3D Stager vulnerability

Adobe has also released security updates to address the Adobe Substance 3D Stager vulnerability. This vulnerability can lead to arbitrary code execution with a severity rating of critical. The affected versions include version 12.4.0 and earlier versions of Adobe Substance 3D Designer for macOS and Windows operating systems. 

In conclusion, Adobe security updates are crucial in addressing the vulnerabilities found in its software products. Users are advised to update their software installations to the latest versions to ensure their systems’ safety and security. Users are also encouraged to follow best cybersecurity practices to safeguard their systems against potential attacks.





Source link