Bugs patched by Adobe
Adobe issued four patches to fix 29 security bugs in its first batch of security patches for 2023 across its Acrobat and Reader, InDesign, InCopy, and Dimension software. The firm is unaware of any exploits in the wild for any of these bugs.

Acrobat and Reader software update
The Acrobat and Reader software update remediates 15 critical and important bugs. These could expose Windows and macOS users to application denial-of-service (DoS), arbitrary code execution, privilege escalation, and memory leaks.

InDesign
InDesign has six critical and important bugs. They could enable arbitrary code execution, application denial-of-service (DoS), and memory leak attacks. The bugs impact users on Windows and macOS platforms.  

InCopy
There are six bugs in InCopy. They could expose Windows and macOS users to arbitrary code execution and memory leaks. 

Dimension
Two bugs were found in Dimension. These bugs could expose Windows and macOS users to arbitrary code execution and memory leaks in the context of the current user.

Corrective action
Adobe has made the latest product versions available to end users. It urges users to update their software installations to the newest versions.

 

Impacted products and versions
- Acrobat DC - 22.003.20282 (Win), 22.003.20281 (Mac), and prior versions
- Acrobat Reader DC - 22.003.20282 (Win), 22.003.20281 (Mac), and prior versions
- Acrobat 2020 - 20.005.30418 and prior versions
- Acrobat Reader 2020 - 20.005.30418 and prior versions
- Acrobat DC - 22.003.20310
- Acrobat Reader DC - 22.003.20310
- Acrobat 2020 - 20.005.30436
- Acrobat Reader 2020 - 20.005.30436

The remediated bugs
Critical severity bugs
- CVE-2023-21579: Integer Overflow or Wraparound bug
- CVE-2023-21604: Stack-based Buffer Overflow bug
- CVE-2023-21605: Heap-based Buffer Overflow bug
- CVE-2023-21606: Out-of-bounds Write bug
- CVE-2023-21607: Improper Input Validation bug
- CVE-2023-21608: Use After Free bug
- CVE-2023-21609: Out-of-bounds Write bug
- CVE-2023-21610: Stack-based Buffer Overflow bug

Important severity bugs
- CVE-2023-21581: Out-of-bounds Read bug
- CVE-2023-21585: Out-of-bounds Read bug
- CVE-2023-21586: NULL Pointer Dereference bug
- CVE-2023-21611: Violation of Secure Design Principles bug
- CVE-2023-21612: Violation of Secure Design Principles bug
- CVE-2023-21613: Out-of-bounds Read bug
- CVE-2023-21614: Out-of-bounds Read bug
