Adobe Releases Important Security Updates For Multiple Products - 20230809001

Overview

Adobe has released security updates that address critical, important and moderate vulnerabilities in a number of their popular products such as Adobe Acrobat and Reader.

Successful exploitation could lead to security feature bypass, arbitrary code execution, arbitrary file system read and more.

What is the vulnerability?

There is a number of vulnerabilities for each product. Please review each product's security bulletin for details.

• Security update available for Adobe Acrobat and Reader | APSB23-30
• Security update available for Adobe Commerce | APSB23-42
• Security updates available for Dimension | APSB23-44
• Security updates Available for Adobe XMP Toolkit SDK | APSB23-45

What is vulnerable?

The vulnerability affects the following products:

• Acrobat DC, Acrobat Reader DC - 23.003.20244 and earlier versions
• Acrobat 2020, Acrobat Reader 2020 - 20.005.30467 and earlier versions
• Adobe Commerce - Review the Security Bulletin for a list of affected versions
• Magento Open Source - Review the Security Bulletin for a list of affected versions
• Adobe Dimension - 3.4.9 and earlier versions
• Adobe XMP-Toolkit-SDK - 2022.06 and earlier versions

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframes recommended in the Patch Management guidelines:

• Security update available for Adobe Acrobat and Reader | APSB23-30
• Security update available for Adobe Commerce | APSB23-42
• Security updates available for Dimension | APSB23-44
• Security Updates Available for Adobe XMP Toolkit SDK | APSB23-45