Issued: Tuesday, 20 September, 2022 |
Last Revision: Tuesday, 20 September, 2022 |
Vendor: |
Product: |
Severity Level: |
Adobe has rolled out numerous security fixes and updates addressing more than 60 exploitable vulnerabilities in its product line, specifically the Creative Cloud bundle. The rollout covers the following products: Bridge, InDesign, Photoshop, InCopy, Animate, and Illustrator.
An attacker can exploit vulnerabilities in the affected versions of these products, resulting in arbitrary code execution and memory leaks on both leading operating systems, Windows and macOS. This threat has a direct impact on confidentiality and, to some degree, on availability and integrity as well.
CVE/Vulnerability | Description | CVSS3.0 Score |
multiple (check the affected products below) | Arbitrary Code execution | 7.8 |
Table 1: Vulnerability details
CVE/Vulnerability | Affected Product(s) | Affected Versions |
CVE-2022-35700 → CVE-2022-35709 | Adobe Bridge | 12.0.2 and earlier |
CVE-2022-35700 → CVE-2022-35709 | Adobe Bridge | 11.1.3 and earlier |
CVE-2022-28851 → CVE-2022-28857, and CVE-2022-38414 → CVE-2022-38417 | Adobe InDesign | 17.3 and earlier |
CVE-2022-28851 → CVE-2022-28857, and CVE-2022-38414 → CVE-2022-38417 | Adobe InDesign | 16.4.2 and earlier |
CVE-2022-38426 → CVE-2022-38434, and CVE-2022-38413 | Adobe Photoshop | 22.5.8 and earlier |
CVE-2022-38426 → CVE-2022-38434, and CVE-2022-38413 | Adobe Photoshop | 23.4.2 and earlier |
CVE-2022-38401 → CVE-2022-38407 | Adobe InCopy | 17.3 and earlier |
CVE-2022-38401 → CVE-2022-38407 | Adobe InCopy | 16.4.2 and earlier |
CVE-2022-38411 | Adobe Animate | 21.0.11 and earlier |
CVE-2022-38412 | Adobe Animate | 22.0.7 and earlier |
CVE-2022-38408 | Adobe Illustrator | 26.4 and earlier |
CVE-2022-38408 | Adobe Illustrator | 25.4.7 and earlier |
Table 2: Vulnerable versions
Apply the following updates either via the Creative Cloud platform or from the Adobe website:
Product | Version |
Adobe Bridge | 12.0.3 |
Adobe Bridge | 11.1.4 |
Adobe InDesign | 17.4 |
Adobe InDesign | 16.4.3 |
Adobe Photoshop | 22.5.9 |
Adobe Photoshop | 23.5 |
Adobe InCopy | 17.4 |
Adobe InCopy | 16.4.3 |
Adobe Animate | 21.0.12 |
Adobe Animate | 22.0.8 |
Adobe Illustrator | 26.5 |
Adobe Illustrator | 25.4.8 |
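To check a software inventory against the update table above, the following added example (not part of the original advisory and not Adobe tooling) picks the fixed release on the installed major branch and flags anything older. The inventory rows are constructed, and two assumptions are made: a version older than every listed branch counts as affected ("and earlier"), and a major version newer than any listed branch is treated as outside this advisory.

```python
# Fixed versions per product, copied from the update table in this advisory.
FIXED = {
    "Adobe Bridge": ["12.0.3", "11.1.4"],
    "Adobe InDesign": ["17.4", "16.4.3"],
    "Adobe Photoshop": ["22.5.9", "23.5"],
    "Adobe InCopy": ["17.4", "16.4.3"],
    "Adobe Animate": ["21.0.12", "22.0.8"],
    "Adobe Illustrator": ["26.5", "25.4.8"],
}

def parse(version):
    """'17.4.0' -> (17, 4); trailing zeros are dropped so 17.4 == 17.4.0."""
    parts = [int(p) for p in version.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def required_update(product, installed):
    """Return the fixed version to move to, or None if no update is needed.

    Raises KeyError for a product this advisory does not list.
    """
    have = parse(installed)
    # Fixed releases on the installed major branch or a later one, oldest first.
    candidates = sorted((parse(f), f) for f in FIXED[product] if parse(f)[0] >= have[0])
    if not candidates:
        return None  # assumption: newer major than any listed branch is out of scope
    fixed_tuple, fixed = candidates[0]
    return fixed if have < fixed_tuple else None

def audit(inventory):
    """Turn (host, product, version) rows into (host, product, version, fix) findings."""
    findings = []
    for host, product, version in inventory:
        fix = required_update(product, version)
        if fix:
            findings.append((host, product, version, fix))
    return findings

# Constructed sample inventory; hostnames and installed versions are made up.
SAMPLE_INVENTORY = [
    ("design-ws-01", "Adobe Photoshop", "23.4.2"),
    ("design-ws-02", "Adobe Photoshop", "22.5.9"),
    ("design-ws-03", "Adobe InDesign", "17.4.0"),
    ("design-mac-01", "Adobe Bridge", "10.1.1"),
    ("design-mac-02", "Adobe Illustrator", "26.4"),
]

if __name__ == "__main__":
    for host, product, version, fix in audit(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is affected, update to {fix}")
```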
