Adobe June 2023 Patch Day

On patch day in June, Adobe released important security updates for Animate, Commerce, Experience Manager and Substance 3D Designer. In some cases, the software manufacturer classifies the severity as critical. Attackers could attack computers running Adobe applications and compromise systems. Security updates are now available for download.

The macOS and Windows versions of Animate (CVE-2023-29321 high) and Substance 3D Designer (CVE-2023-21618 high) are vulnerable to malicious code attacks. Attackers could, for example, trigger a memory error in Animate (User After Free) in order to run their own code on systems. Attackers then usually gain full control over systems. How attacks could proceed in detail is not yet known.

The following new versions are now available:

• Animate 2022 22.0.10
• Animate 2023 23.0.2
• Substance 3D Designer 13.0.0

In Commerce, the developers have closed a total of twelve security vulnerabilities. One vulnerability (CVE-2023-29297) is classified as critical. Attackers could launch a stored XSS attack here. Most of the remaining gaps are rated medium. Attackers could circumvent security features at these points. Adobe lists the editions protected against such attacks in a Security Bulletin. All platforms are affected.

Experience Manager is threatened by four security vulnerabilities. All are rated medium. In the worst case, malicious code could get onto systems. How an attack could proceed is not yet clear. The versions AEM Cloud Service Release 2023.4 and 6.5.17.0, available for all platforms, provide a remedy.

Administrators should promptly download and install the updates for the other vulnerable programs.