On Adobe’s August patch day, the manufacturer reports some critical security gaps in its online shop software Commerce and Magento Open Source as well as Acrobat and Reader and other creative software. Updated packages are available to fix the vulnerabilities.
Vulnerable online shop systems
Seven of the gaps concern Adobe Commerce such as Magento Open Source before versions 2.3.7-p4, 2.4.3-p3, 2.4.4-p1, 2.4.5. The manufacturer classifies an XML injection vulnerability that allows the execution of smuggled malicious code as critical (CVE-2022-34253, CVSS 9.1Risk “critical“). Three other vulnerabilities allow attackers to inject arbitrary code. Their severity ranges from critical to moderate, partly deviating from the CVSS classification (CVE-2022-34254, CVSS 8.5, hoch; CVE-2022-34257, CVSS 6.1, medium; CVE-2022-34258, CVSS 3.5, low).
Due to two vulnerabilities, malicious actors could escalate their privileges, which Adobe classifies as critical (CVE-2022-34255, CVSS 8.3, hoch; CVE-2022-34256, CVSS 8.2, hoch). A final vulnerability allows bypassing security features (CVE-2022-34259, CVSS 5.3, medium).
Adobe has also released security updates for Adobe Acrobat and Reader for macOS and Windows that correct seven critical to important security bugs. Attackers could use the vulnerabilities to inject malicious code or to read memory areas without permission. The errors are in the versions Acrobat und Reader DC 22.002.20191, Acrobat und Reader 2020 20.005.30381 such as Acrobat und Reader 2017 17.012.30262 fixed for macOS and Windows.
With Adobe Illustrator 2021 25.4.7 such as Illustrator 2022 26.4 the company closes four vulnerabilities, two of which are considered critical and allow the execution of subscripted code. The Versions Adobe FrameMaker v15.0.8 (2019) such as v16.0.4 (2020) seal six leaks, five of which pose a critical risk. Finally, in versions before Adobe Premiere Elements 2022 (Version 20.0 20220702.Git.main.e4f8578) A critical vulnerability was found for macOS and Windows, which the current version fixes.
Adobe lists the updated products on its website. There you will also find further details, such as how administrators can distribute the updates in managed environments. The online shop systems in particular should be brought up to date as soon as possible by IT managers. Creative software users and administrators should also not hesitate to apply the available updates.
To home page