Security updates for Acrobat, InDesign and more

Adobe has released security updates for five programs overall on the first Patch Day of the year. The updates eliminate 41 security vulnerabilities that are mostly classified as critical. Acrobat and Reader, Illustrator, Bridge, InCopy and InDesign are affected. According to Adobe, none of the vulnerabilities have been used for attacks so far.

Adobe has fixed 26 vulnerabilities in its PDF tools Acrobat and Acrobat Reader for Windows and macOS. These include 16 security vulnerabilities that Adobe classifies as critical. Attackers could use specially crafted PDF files to inject and execute code. Adobe continues to maintain three product generations of its PDF tools and has provided updates for these to fill the gaps.

In the layout software InDesign up to and including version 16.4 for Windows and macOS three security flaws have been fixed. Two of the vulnerabilities (CVE-2021-45057, -45058) are identified by Adobe as critical. An update to InDesign 16.4.1 eliminates these weaknesses.

Two vulnerabilities have been discovered in Illustrator 2021 up to version 25.4.2 and Illustrator 2022 up to version 26.0.1 for Windows and macOS. One of the vulnerabilities is considered to be high risk, and one is considered to be medium risk. Updates to Illustrator versions 2021 25.4.3 and 2022 26.0.2 close the vulnerabilities.

InCopy up to 16.4 for Windows and macOS has four security vulnerabilities, three of which Adobe has identified as critical. An update to InCopy 16.4.1 fixes these.

In Bridge 12.0 and 11.1.2 (and earlier) for Windows and macOS six security vulnerabilities where fixed, one of which (CVE-2021-44743) is considered critical. In versions 12.0.1 and 11.1.3 the vulnerabilities have been fixed.