Adobe November 2023 Patch Day
Malicious code gvulnerabilities fixed in Acrobat, Photoshop & Co.
Adobe has released security updates for 15 applications. In the worst case, attackers can execute their own code on systems. Anyone who uses Acrobat and Reader, After Effects, Animate, Audition, Bridge, ColdFusion, Dimension, FrameMaker, InCopy, InDesign, Media Encoder, Photoshop, Premiere Pro, Publishing Server or RoboHelp should install the latest versions for security reasons.
The developers have fixed most of the vulnerabilities in Acrobat and Reader. Here attackers can provoke memory errors and thus push their own code onto the computer and execute it. This usually leads to complete system compromise. What such an attack could look like is not yet known.
Two vulnerabilities (CVE-2023-44350, CVE-2023-44351) in ColdFusion are classified as critical. Here attackers can cause untrustworthy data to be processed. Photoshop is vulnerable to malicious code attacks. Attackers can also provoke data leaks here.
Attackers can use the vulnerabilities in InDesign to carry out DoS attacks, among other things. With FrameMaker Publishing Server, bypassing security features is conceivable. A vulnerability (CVE-2023-22273 "high") in RoboHelp Server can in turn allow malicious code to pass through to systems. After Effects is also vulnerable to malicious code attacks and users should install the available patches promptly.
The majority of vulnerabilities affect macOS and Windows. Information about the secured versions can be found in the warning messages linked below.
Acrobat and Reader After Effects Animate Audition Bridge ColdFusion Dimension FrameMaker InCopy InDesign Media Encoder Photoshop Premiere Pro Publishing Server RoboHelp