On Update Tuesday, September 12, Adobe released several security updates to address vulnerabilities in its programs. The updates cover five vulnerabilities in programs such as Acrobat and Acrobat Reader, Connect, and Experience Manager. One of the most concerning vulnerabilities is already being exploited. As a result, Adobe has assigned the highest priority level 1 to the PDF updates and the lowest priority level 3 to the others.
Adobe Updates in September
In September, Adobe released several security updates to address vulnerabilities in its software. The updates specifically target Acrobat and Reader DC, Acrobat and Reader 2020, Experience Manager (AEM), AEM Cloud Service (CS), and Connect. The vulnerabilities range from critical to high risk.
Acrobat and Reader DC
The vulnerable versions of Acrobat and Reader DC are 23.003.20284 and older, while the secure version is 23.006.20320. The update addresses one critical vulnerability.
Acrobat and Reader 2020
For Acrobat and Reader 2020, the vulnerable versions are 20.005.30516 and older, and the secure version is 20.005.30524. The update also fixes one critical vulnerability.
Experience Manager (AEM)
AEM versions 22.214.171.124 and older are affected by two high-risk vulnerabilities. The update to version 126.96.36.199 addresses these vulnerabilities. AEM Cloud Service (CS) version 2023.8 is also affected, and users will receive an automatic update to the secure version.
Connect
Connect versions 12.3 and older have two high-risk vulnerabilities. The update to version 12.4.1 closes these vulnerabilities.
In August, Adobe fixed 30 vulnerabilities in its PDF tools. In September, however, a critical vulnerability, CVE-2023-26369, was identified. It allows attackers to inject and execute code using specially crafted PDF files. Adobe has reported limited attacks exploiting this vulnerability. To address it, updates for Acrobat and Reader DC, as well as Acrobat and Reader 2020, are available.
Adobe Experience Manager (AEM) contains two cross-site scripting (XSS) vulnerabilities, CVE-2023-38214 and CVE-2023-38215, in versions up to 188.8.131.52. These vulnerabilities can allow arbitrary code execution and are considered high risk. The AEM Cloud Service is also affected, and users will receive an update to release 2023.8. AEM 6.5 users can update to the secure version 184.108.40.206 to mitigate these vulnerabilities.
The Connect presentation solution also contains two XSS vulnerabilities, CVE-2023-29305 and CVE-2023-29306, which Adobe classifies as high risk. All versions up to and including 12.3 are vulnerable. The vulnerabilities will be addressed in the update to version 12.4.1.
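As an added example (not part of the original article and not Adobe tooling), the following Python script checks a software inventory against the fixed Acrobat/Reader and Connect versions named above. The inventory format, the product keys, and the host names are assumptions made for illustration. Each product is compared against the baseline of its own track, since a patched Acrobat 2020 build is numerically lower than the DC baseline.

```python
# Added example: compliance check against the fixed versions named in the article.
# Inventory rows and host names are constructed sample data.
FIXED = {  # product track -> first secure version, as stated in the article
    "acrobat-dc": "23.006.20320",
    "acrobat-2020": "20.005.30524",
    "connect": "12.4.1",
}

def parse_version(text):
    """'23.003.20284' -> (23, 3, 20284). Components are integers, so the
    zero-padded middle field compares numerically, not as a string."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def is_patched(installed, fixed):
    """True when installed >= fixed; shorter versions are zero-padded first."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(a) >= pad(b)

def assess(inventory):
    """Return (host, product, version, status) for each inventory row.
    Anything below the fixed version is reported as needing the update,
    a conservative reading for builds the article does not mention."""
    results = []
    for host, product, version in inventory:
        fixed = FIXED.get(product)
        if fixed is None:
            status = "unknown-product"
        else:
            try:
                status = "patched" if is_patched(version, fixed) else "update-needed"
            except ValueError:
                status = "unparseable-version"
        results.append((host, product, version, status))
    return results

SAMPLE_INVENTORY = [  # constructed
    ("ws-001", "acrobat-dc", "23.003.20284"),
    ("ws-002", "acrobat-dc", "23.006.20320"),
    ("ws-003", "acrobat-2020", "20.005.30524"),  # secure for its own track
    ("ws-004", "acrobat-2020", "20.005.30516"),
    ("srv-01", "connect", "12.3"),
    ("srv-02", "connect", "12.4.1"),
    ("ws-005", "acrobat-dc", "23.6.x"),
]

if __name__ == "__main__":
    for row in assess(SAMPLE_INVENTORY):
        print(*row, sep="\t")
```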
For more information on the latest Adobe security bulletins, visit the Adobe Security Bulletins page on the company’s website.
This article was translated from German to English and originally appeared on pcwelt.de.
Adobe has released important security updates to address critical vulnerabilities in its software, including Acrobat and Acrobat Reader, Connect, and Experience Manager. These updates are necessary to protect users from potential attacks. It is recommended that users install the updates as soon as possible to ensure the security of their systems and data.
What programs are affected by the security updates?
The security updates released by Adobe address vulnerabilities in programs such as Acrobat and Acrobat Reader, Connect, and Experience Manager.
Are the vulnerabilities being actively exploited?
Yes, one of the vulnerabilities in the PDF tools is already being exploited in limited attacks, according to Adobe.
How can I update my Adobe software?
You can update your Adobe software by visiting the Adobe website and downloading the latest updates for the specific programs you use.
What is the risk level of the vulnerabilities?
The vulnerabilities range from critical to high risk, depending on the program and the specific vulnerability.
Where can I find more information about Adobe security bulletins?
You can find more information about Adobe security bulletins on the Adobe website, specifically on the Adobe Security Bulletins page.