Adobe plugs 22 PDF gaps – including many critical ones

Adobe provided important security updates at Patch Day in July. The manufacturer eliminates 27 security gaps in five programs, almost all of which it has identified as critical. Affected are Acrobat, Acrobat Reader, Photoshop, Character Animator and RoboHelp. According to Adobe, none of the vulnerabilities have been used for attacks so far.

The quarterly updates for the PDF tools Acrobat and Acrobat Reader account for the lion’s share of the fixed security gaps. This month alone, Adobe’s PDF tools account for 22 vulnerabilities, 15 of which the manufacturer classifies as critical. With specially prepared PDF files, an attacker could inject code and execute it with user rights. This can be remedied by updates for the three product generations that are still being maintained (Windows and macOS):

Adobe has fixed two vulnerabilities in Photoshop, one of which is classified as critical (RCE: Remote Code Execution). Photoshop 2022 up to and including version 23.3.2 and Photoshop 2021 up to and including 22.5.7 are vulnerable, each for Windows and macOS. The security gaps have been closed in the new versions Photoshop 2022 23.4.1 and Photoshop 2021 22.5.8.

▶The latest security updates

Character Animator 2022 up to version 22.4 and Character Animator 2021 up to 4.4.7, each for Windows and macOS, have two critical vulnerabilities (RCE: Remote Code Execution). As a solution to both, Adobe offers an update to Character Animator 2022 22.5, which you can obtain via the Creative Cloud.

RoboHelp up to and including RH2020.0.7 for Windows and macOS contains an XSS (Cross-site Scripting) vulnerability that could be exploited to execute arbitrary code. An update to RoboHelp RH2020.0.8 fixes the problem.

The current Adobe Security Bulletins can be found on the manufacturer’s website.