Overview

Adobe has released security updates to address vulnerabilities in ColdFusion, Acrobat Reader, Adobe Commerce, and Adobe Dimension.

An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • ColdFusion versions 2021 and 2018: these updates resolve critical, important and moderate vulnerabilities that could lead to arbitrary code execution, arbitrary file system write, security feature bypass and privilege escalation.
  • Adobe Acrobat and Reader for Windows and macOS: these updates address critical and important vulnerabilities. Successful exploitation could lead to application denial-of-service and memory leak.
  • Adobe Commerce (and Magento Open Source): this update resolves a critical and a medium vulnerability. Successful exploitation could lead to arbitrary code execution and security feature bypass.
  • Adobe Dimension: this update addresses critical and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak in the context of the current user.

Recommended Action

Organisations are encouraged to review the Adobe security pages and apply the following updates.

 

APSB22-44: ColdFusion
https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html

APSB22-46: Acrobat Reader
https://helpx.adobe.com/security/products/acrobat/apsb22-46.html

APSB22-48: Adobe Commerce
https://helpx.adobe.com/security/products/magento/apsb22-48.html

APSB22-57: Adobe Dimension
https://helpx.adobe.com/security/products/dimension/apsb22-57.html

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.
