Adobe updates fix vulnerabilities in After Effects, Acrobat and others
Adobe has released security updates for ten programs. The updates for Acrobat Reader and After Effects eliminate security vulnerabilities classified as critical.
David FischerAdobe is contributing security updates to the Patch Day in June that close 41 vulnerabilities in ten products. In the previous month there were 43 vulnerabilities in 12 programs.
This time the software manufacturer eliminates weaknesses in Acrobat and Reader, Experience Manager, Creative Cloud Desktop, Premiere Elements, Photoshop and Photoshop Elements, Connect, After Effects, Animate and RoboHelp Server. Half of these security vulnerabilities have been identified as *critical. Attacks that exploit these vulnerabilities are not known.
Adobe has eliminated a total of five vulnerabilities in Acrobat and Acrobat Reader, all of which the manufacturer identified as critical. They can be exploited with prepared PDF files to smuggle in arbitrary code and execute it with user rights.
In After Effects up to 18.2, Adobe has fixed 16 security vulnerabilities, eight of which the manufacturer identifies as critical. In the worst case, an attacker could use arbitrary code and execute it with user rights. An update to version 18.2.1 fixes these vulnerabilities.
Adobe Animate 21.0.6 and earlier have eight vulnerabilities, half of which Adobe has classified as critical. These allow for code execution or data leakage. An update to version 21.0.7 closes the vulnerabilities.
In Photoshop 2020 21.2.8 and older and in Photoshop 2021 22.4.1 and older, Adobe has fixed two vulnerabilities classified as critical. The buffer overflows could allow an attacker to inject and execute arbitrary code. This is fixed by updates to Photoshop 2020 21.2.9 and Photoshop 2021 22.4.2.
Adobe has fixed the same bug in the installer for the Creative Cloud desktop app, Premiere Elements and Photoshop Elements. It creates a temporary file with the wrong permissions, which Adobe sees as a high risk. In the Creative Cloud desktop app, there is also the critical vulnerability CVE-2021-28594, which consists of an insecure search path. The updates eliminate these problems.
About Author
David Fischer
I am a technology writer for UpdateStar, covering software, security, and privacy as well as research and innovation in information security. I worked as an editor for German computer magazines for more than a decade before starting to be a team member at UpdateStar.