Adobe September 2023 Patch Day
Updates are available for Acrobat and Reader, Connect and Experience Manager.
With the current Patch Day Adobe has fixed several security vulnerabilities in Acrobat and Reader, Connect and Experience Manager.
The software manufacturer Adobe warns of attacks on Acrobat Reader and has published versions protected against it. Anyone who uses the applications should ensure they are updated.
In the according Security Bulletin, Adobe speaks of limited attacks. If attackers successfully attack the vulnerability (CVE-2023-26369 high), this should lead to a memory error (out-of-bounds write) and this will allow malicious code to get onto systems. To protect macOS and Windows, Adobe has released the following patched editions:
- Acrobat DC Continuous 23.006.20320
- Acrobat Reader DC Continuous 23.006.20320
- Acrobat 2020 Classic 2020 20.005.30524
- Acrobat Reader 2020 Classic 2020 20.005.30524
Connect and Experience Manager are also vulnerable to malicious code attacks in the XSS context. The vulnerabilities are classified with a medium threat level. These versions are equipped to combat this:
- Adobe Experience Manager AEM Cloud Service Release 2023.8 and 22.214.171.124
- Adobe Connect 12.4.1
Adobe recommends users update their software installations to the latest versions.