Adobe patched 46 Security Flaws in a Wide Range of Enterprise-facing Software Products
In its June Patch Tuesday release, Adobe published multiple security advisories addressing 46 vulnerabilities in a wide range of enterprise-facing software products. The most critical are code execution flaws that expose macOS and Windows users to malicious attacks. The flaws affect Adobe Animate, Adobe Bridge, Adobe Illustrator, Adobe InCopy, Adobe InDesign, and RoboHelp Server.
The summary of Adobe’s Patches:
- Adobe Animate: This update resolves a critical vulnerability tracked as CVE-2022-30664. Successful exploitation could lead to arbitrary code execution in the context of the current user. This affects versions 22.0.5 and earlier on Windows and macOS.
- Adobe Bridge: This update addresses critical and important vulnerabilities tracked as CVE-2022-28839, CVE-2022-28840, CVE-2022-28841, CVE-2022-28842, CVE-2022-28843, CVE-2022-28844, CVE-2022-28845, CVE-2022-28846, CVE-2022-28847, CVE-2022-28848, CVE-2022-28849, and CVE-2022-28850. Successful exploitation could lead to arbitrary code execution, arbitrary file system writes, and memory leaks. This affects versions 12.0.1 and earlier on Windows and macOS.
- Adobe Illustrator: This update resolves critical and important vulnerabilities tracked as CVE-2022-30637, CVE-2022-30638, CVE-2022-30639, CVE-2022-30640, CVE-2022-30641, CVE-2022-30642, CVE-2022-30643, CVE-2022-30644, CVE-2022-30645, CVE-2022-30646, CVE-2022-30647, CVE-2022-30648, CVE-2022-30649, CVE-2022-30666, CVE-2022-30667, CVE-2022-30668, and CVE-2022-30669. Successful exploitation could lead to arbitrary code execution and memory leaks. This affects 17.2 and earlier versions and 16.4.1 and earlier versions on Windows and macOS platforms.
- Adobe InCopy: This update addresses critical vulnerabilities tracked as CVE-2022-30650, CVE-2022-30651, CVE-2022-30652, CVE-2022-30653, CVE-2022-30654, CVE-2022-30655, CVE-2022-30656, and CVE-2022-30657. Successful exploitation could lead to arbitrary code execution. This affects both Windows and macOS platforms.
- Adobe InDesign: This update addresses seven critical vulnerabilities tracked as CVE-2022-30658, CVE-2022-30659, CVE-2022-30661, CVE-2022-30662, CVE-2022-30663, CVE-2022-30665, and CVE-2022-30660. Successful exploitation could lead to arbitrary code execution. This affects 17.2.1 and earlier versions and 16.4.1 and earlier versions on Windows and macOS platforms.
- Adobe RoboHelp Server: This hotfix resolves a security vulnerability tracked as CVE-2022-30670. The flaw allows end-users with non-administrative privileges to manipulate API requests and elevate their account privileges to those of a server administrator. Successful exploitation could lead to privilege escalation. This affects RHS 11 Update 3 and earlier versions on Windows.
Sources:
https://helpx.adobe.com/security/products/animate/apsb22-24.html
https://helpx.adobe.com/security/products/bridge/apsb22-25.html
https://helpx.adobe.com/security/products/illustrator/apsb22-26.html
https://helpx.adobe.com/security/products/incopy/apsb22-29.html
https://helpx.adobe.com/security/products/indesign/apsb22-30.html
https://helpx.adobe.com/security/products/robohelp-server/apsb22-31.html