CybersecurityTech News

Patchday: Adobe closes critical gaps in commerce and creative programs

Adobe closes several security gaps, some of which are critical, for the August patch day. Affected are Adobe Commerce and Magento as well as PDF and creative software.

 

On Adobe’s August patch day, the manufacturer reports some critical security gaps in its online shop software Commerce and Magento Open Source as well as Acrobat and Reader and other creative software. Updated packages are available to fix the vulnerabilities.

 

Seven of the gaps concern AdobeCommerce such as Magento open source before versions 2.3.7-p4, 2.4.3-p3, 2.4.4-p1, 2.4.5. The manufacturer classifies an XML injection vulnerability that allows the execution of smuggled malicious code as critical (CVE-2022-34253, CVSS 9.1risk “critical“). Three other vulnerabilities allow attackers to inject arbitrary code. Their severity ranges from critical to moderate, partly deviating from the CVSS classification (CVE-2022-34254, CVSS 8.5, high; CVE-2022-34257, CVSS 6.1, medium; CVE-2022-34258, CVSS 3.5, low).

Due to two vulnerabilities, malicious actors could escalate their privileges, which Adobe classifies as critical (CVE-2022-34255, CVSS 8.3, high; CVE-2022-34256, CVSS 8.2, high). A final vulnerability allows bypassing security features (CVE-2022-34259, CVSS 5.3, medium).

Adobe has also released security updates for Adobe Acrobat and Reader for macOS and Windows that correct seven critical to important security bugs. Attackers could use the vulnerabilities to inject malicious code or to read memory areas without permission. The errors are in the versions Acrobat and Reader DC 22.002.20191, Acrobat and Reader 2020 20.005.30381 such as Acrobat and Reader 2017 17.012.30262 fixed for macOS and Windows.

With Adobe Illustrator 2021 25.4.7 such as Illustrator 2022 26.4 the company closes four vulnerabilities, two of which are considered critical and allow the execution of subscripted code. The Versions Adobe FrameMaker v15.0.8 (2019) such as v16.0.4 (2020) seal six leaks, five of which pose a critical risk. Finally, in versions before Adobe Premiere Elements 2022 (Version 20.0 20220702.Git.main.e4f8578) A critical vulnerability was found for macOS and Windows, which the current version fixes.

Adobe lists the updated products on its website. There you will also find further details, such as how administrators can distribute the updates in managed environments. IT managers should update the online shop systems as quickly as possible. Creative software users and administrators should also not hesitate to apply the available updates.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button