Adobe applications can leave malicious code on computers. Therefore Adobe released important security updates for Adobe Commerce, Dimension, Reader and XMP Toolkit SDK.

Adobe application users should review the alerts linked below and install the security patches that affect them as soon as possible. Otherwise, in the worst case, attackers with malicious code can spread to systems.

The most dangerous is a critical malicious code vulnerability (CVE-2023-38208) in Commerce and Magento Open Source. Due to insufficient checks, attackers can attack the vulnerability with prepared OS commands and execute their own code in the online shop system. This usually leads to a complete compromise of a system.

Acrobat Reader is vulnerable to multiple vulnerabilities. Attackers can bypass security mechanisms or execute malicious code here, among other things. This affects versions for macOS and Windows. Dimension is also vulnerable to malicious code attacks on macOS and Windows. The XMP Toolkit SDK can serve as a starting point for a DoS attack.

List of affected software products:

AdobeCommerce

Adobe has released security updates for Adobe Commerce and Magento Open Source. The updates resolves critical and important vulnerabilities.  "Successful exploitation could lead to arbitrary code execution, privilege escalation and arbitrary file system read" Adobe says.

Adobe Acrobat and Reader

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical, important and moderate vulnerabilities. "Successful exploitation could lead to application denial-of-service, security feature bypass, memory leak and arbitrary code execution.", Adobe says.

Dimension

Adobe has released an update for Adobe Dimension. This update addresses critical and moderate vulnerabilities in Adobe Dimension. "Successful exploitation could lead to arbitrary code execution and memory leak in the context of the current user.", Adobe says.     

Adobe XMP Toolkit SDK

Adobe has released updates for XMP-Toolkit-SDK. This update resolves an important vulnerability. "Successful exploitation could lead to application denial of service. ", Adobe says.