Adobe updates available

The updates eliminate a total of 50 vulnerabilities in six product families such as Acrobat and Acrobat Reader, Dreamweaver, Photoshop, Illustrator, Animate and Magento. More than half of these vulnerabilities are classified as critical.

In the PDF tools Acrobat and Acrobat Reader Adobe eliminated 23 vulnerabilities, 17 of which are identified as critical. For CVE-2021-21017, Adobe states that there is a report that the vulnerability was exploited in attacks on Windows users of Acrobat Reader. This is remedied by updates for the three product generations Acrobat and Reader DC, Acrobat and Reader 2020 and Acrobat and Reader 2017, each for Windows and macOS.

In Photoshop 2020 up to 21.2.4 and in Photoshop 2021 up to 22.1.1 for Windows and macOS there are a total of five security vulnerabilities classified as critical. All of them could be exploited to inject and execute arbitrary code. Photoshop 2020 version 21.2.5 and Photoshop 2021 version 22.2 are covered.

Illustrator 2021 up to and including 25.1 for Windows has two identified vulnerabilities. An undersized buffer can cause injected code to execute. An update to version 25.2, available for Windows and macOS, fixes the problem.

A similar bug (CVE-2021-21052) is also found in Animate 21.0.2 and earlier for Windows. Adobe provides updates to version 21.0.3 for Windows and macOS.

Dreamweaver 20.2 and 21.0 for Windows and macOS contain the CVE-2021-21055 vulnerability. This is a data leak caused by an insecure search path element. This is reminiscent of loopholes that Adobe closed in several products in January. In Dreamweaver 20.2.1 and 21.1 the leak is stopped.

In its Magento shop software for all supported platforms Adobe has to close 18 security vulnerabilities. Seven of them are considered critical. In the worst case any code can be executed with the permissions of the current process.

Read the latest Adobe security bulletins on this page.

So please make sure to keep your Adobe software up to date!