Adobe PDFs under attack: Update Acrobat and Reader now

On Update Tuesday on September 12, Adobe released several security updates to close five vulnerabilities in several programs, some of which are classified as critical. These affect the PDF tools Acrobat and Acrobat Reader, Connect, and Experience Manager. More worryingly, a vulnerability in the PDF tools is already being attacked. Adobe therefore assigns the highest priority level 1 to the PDF updates and the lowest priority level 3 to the others.

Adobe Updates in September

| Product | Vulnerable version(s) | Fixed version | Vulnerabilities | Risk |
|---|---|---|---|---|
| Acrobat and Reader DC | 23.003.20284 and older | 23.006.20320 | 1 | critical |
| Acrobat and Reader 2020 | 20.005.30516 and older | 20.005.30524 | 1 | critical |
| Experience Manager (AEM) | 6.5.17.0 and older | 6.5.18.0 | 2 | high |
| AEM | AEM Cloud Service (CS) | 2023.8 | 2 | high |
| Connect | 12.3 and older | 12.4.1 | 2 | high |

In August, Adobe fixed 30 vulnerabilities in its PDF tools, Acrobat and Acrobat Reader. In September, only one more is added — but it’s a doozy. Adobe classifies the vulnerability CVE-2023-26369 as critical. An attacker could inject and execute code with specially prepared PDF files. This is apparently already happening in “limited” attacks, according to Adobe. The remedy is updates for Acrobat and Reader DC as well as Acrobat and Reader 2020 (see table).

The Adobe Experience Manager (AEM) has two cross-site scripting (XSS) vulnerabilities (CVE-2023-38214, -38215) up to and including version 6.5.17.0. They could allow an attacker to execute arbitrary code and are considered high risk. The AEM Cloud Service is also affected. Those who use it will automatically receive an update to release 2023.8. For AEM 6.5, the manufacturer offers an update to the secure version 6.5.18.0.

The presentation solution Connect also contains two such XSS vulnerabilities (CVE-2023-29305, -29306), which Adobe classifies as high risk. All versions up to and including 12.3 are vulnerable. The vulnerabilities will be closed with the update to version 12.4.1.

The latest Adobe Security Bulletins can be found on the company’s website.

This article was translated from German to English and originally appeared on pcwelt.de.
