Adobe has provided several important security updates during Patch Day. The manufacturer eliminates 17 security gaps in five programs, many of these gaps are identified as critical. Premiere Rush, Photoshop, Illustrator, After Effects and Creative Cloud Desktop are affected. According to Adobe, none of the gaps have been used for attacks so far.
In Illustrator 2021 to version 25.4.3 and Illustrator 2022 to version 26.0.2 for Windows and macOS, security researchers from Fortinet FortiGuard have discovered 13 vulnerabilities and reported them to Adobe. Adobe identifies two of these gaps (CVE-2022-23186, CVE-2022-23188) as a high risk. Updates to Illustrator versions 2021 25.4.4 and 2022 26.0.3 close the gaps.
Photoshop 2021 to version 22.5.4 and Photoshop 2022 to version 23.1 for Windows and macOS contain a vulnerability also discovered in FortiGuard (CVE-2022-23203). Adobe considers this vulnerability to be critical. Updates to Photoshop 2021 22.5.5 and Photoshop 2022 23.1.1 provide a remedy.
After Effects which almost singlehandedly contributed to Adobe’s Patch Day in January also has security flaws. In After Effects up to and including 18.4.3 and 22.1.1, Mat Powell (Trend Micro ZDI) has discovered a vulnerability (CVE-2022-23200) that Adobe considers critical. The error occurs when processing 3GP files and can be exploited to inject and execute code. Adobe provides updates to After Effects 18.4.4 and 22.2 versions.
The installer of the Creative Cloud Desktop App up to version 2.7.0.13 for Windows has a vulnerability (CVE-2022-23202) that Adobe considers critical. Any code can be executed through an uncontrolled search path element. In the new version 2.7.0.15, the error is fixed.
Powell has also found a vulnerability in Premiere Rush 2.0 (and older). The vulnerability CVE-2022-23204 identifies Adobe as a medium risk. An attacker could gain higher permissions. The update to Rush 2.3 fixes the problem.
The current Adobe Security Bulletins can be found on this Adobe page.
Want Photoshop? Read How to get Photoshop for Mac.
This article originally appeared on Macwelt. Translation by Karen Haslam.