Patchday Adobe: Acrobat, Illustrator & Co. as a loophole for malicious code
Adobe classifies several security vulnerabilities in its products as critical. Security updates are available.
(Image: heise online)
Attackers can target vulnerabilities in Acrobat and Reader, Bridge, Commerce, Dimension, Illustrator, InCopy, InDesign, Photoshop, Substance 3D Designer, Substance 3D Sampler and Substance 3D Stager.
Compromising computers
In many cases, attackers can successfully exploit the vulnerabilities to push malicious code onto systems and execute it. Adobe classifies the majority of vulnerabilities as"critical".
Videos by heise
In some cases, attackers can also gain higher rights or bypass security features. The developers are not currently explaining how attacks could take place in detail. So far there is no information on attacks.
As a list of the secured versions is beyond the scope of this report, admins must study the linked warning messages from Adobe.
- Acrobat and Reader
- Commerce
- Adobe Bridge
- Dimension
- Illustrator
- InCopy
- InDesign
- Photoshop
- Substance 3D Designer
- Substance 3D Sampler
- Substance 3D Stager
(des)
