Image: IDG
On Update Tuesday on September 12, Adobe launched a number of safety updates to shut 5 vulnerabilities in a number of packages, a few of that are categorized as essential. These have an effect on the PDF instruments Acrobat and Acrobat Reader, Connect, and Experience Manager. More worryingly, a vulnerability within the PDF instruments is already being attacked. Adobe due to this fact assigns the best precedence degree 1 to the PDF updates and the bottom precedence degree 3 to the others.
Adobe Updates in September
Product | susceptible model(s) | susceptible model(s) | Vulnerabilities | Risk |
---|---|---|---|---|
Acrobat and Reader DC | 23.003.20284 and older | 23.006.20320 | 1 | essential |
Acrobat and Reader 2020 | 20.005.30516 and older | 20.005.30524 | 1 | essential |
Experience Manager (AEM) | 6.5.17.0 and older | 6.5.18.0 | 2 | excessive |
AEM | AEM Cloud Service (CS) | 2023.8 | 2 | excessive |
Connect | 12.3 and older | 12.4.1 | 2 | excessive |
In August, Adobe fastened 30 vulnerabilities in its PDF instruments, Acrobat and Acrobat Reader. In September, just one extra is added — but it surely’s a doozy. Adobe classifies the vulnerability CVE-2023-26369 as essential. An attacker might inject and execute code with specifically ready PDF information. This is seemingly already occurring in “limited” assaults, in keeping with Adobe. The treatment is updates for Acrobat and Reader DC in addition to Acrobat and Reader 2020 (see desk).
Further studying: The greatest PDF editors
The Adobe Experience Manager (AEM) has two cross-site scripting (XSS) vulnerabilities (CVE-2023-38214, -38215) as much as and together with model 6.5.17.0. They might enable an attacker to execute arbitrary code and are thought of excessive danger. The AEM Cloud Service can be affected. Those who use it’s going to robotically obtain an replace to launch 2023.8. For AEM 6.5, the producer affords an replace to the safe model 6.5.18.0.
The presentation answer Connect additionally accommodates two such XSS vulnerabilities (CVE-2023-29305, -29306), which Adobe classifies as excessive danger. All variations as much as and together with 12.3 are susceptible. The vulnerabilities will probably be closed with the replace to model 12.4.1.
The newest Adobe Security Bulletins may be discovered on the corporate’s web site.
This article was translated from German to English and initially appeared on pcwelt.de.
Author: Frank Ziemann, Autor
Frank Ziemann ist seit 2005 als freier Autor für die PC-WELT tätig, schreibt News und Testberichte. Seine Themenschwerpunkte sind IT-Sicherheit (Malware, Antivirus, Sicherheitslücken) und Internet-Technik.
…. to be continued
Read the Original Article
Copyright for syndicated content material belongs to the linked Source : PCWorld – https://www.pcworld.com/article/2067017/adobe-closes-0-day-gap-in-its-pdf-tools-attackers-are-already-exploiting-gap-2.html