Anyone who uses Acrobat and Reader, After Effects, Animate, Audition, Bridge, ColdFusion, Dimension, FrameMaker, InCopy, InDesign, Media Encoder, Photoshop, Premiere Pro, Publishing Server or RoboHelp should install the latest versions for security reasons.
Advertisement
Information about the secured versions can be found in the warning messages linked below this message. The majority of vulnerabilities affect macOS and Windows.
Dangerous vulnerabilities
The developers have closed most of the gaps in Acrobat and Reader. Here attackers can provoke memory errors and thus push their own code onto the computer and execute it. This usually leads to complete system compromise. What such an attack could look like is not yet known.
Two vulnerabilities (CVE-2023-44350, CVE-2023-44351) in ColdFusion are identified as “critical” Classified. Here attackers can cause the processing of untrustworthy data. Photoshop is vulnerable to malicious code attacks. Attackers can also provoke data leaks here.
Attackers can use the vulnerabilities in InDesign to carry out DoS attacks, among other things. With FrameMaker Publishing Server, bypassing security features is conceivable. A vulnerability (CVE-2023-22273 “high“) in RoboHelp Server can in turn allow malicious code to reach systems. After Effects is also vulnerable to malicious code attacks and users should install the available patches promptly.
Information about the security updates:
(of)