Advisory: Adobe Releases Critical Security Updates

Adobe has released security updates to address vulnerabilities in ColdFusion, Acrobat Reader, Adobe Commerce, and Adobe Dimension.

An attacker could exploit some of these vulnerabilities to take control of an affected system.

ColdFusion versions 2021 and 2018: these updates resolve critical, important and moderate  vulnerabilities that could lead to arbitrary code execution, arbitrary file system write, security feature bypass and privilege escalation.
Adobe Acrobat and Reader for Windows and macOS: these updates address critical and important vulnerabilities. Successful exploitation could lead to application denial-of-service and memory leak.
Adobe Commerce (and Magento Open Source): this update resolves a critical and medium vulnerability.  Successful exploitation could lead to arbitrary code execution and security feature bypass.
Adobe Dimension: this update addresses critical and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak in the context of the current user.

Recommendations

Organisations are encouraged to review the Adobe security pages and apply the following updates.

	APSB22-44: ColdFusion https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html
	APSB22-46: Acrobat Reader https://helpx.adobe.com/security/products/acrobat/apsb22-46.html
	APSB22-48: Adobe Commerce https://helpx.adobe.com/security/products/magento/apsb22-48.html
	APSB22-57: Adobe Dimension https://helpx.adobe.com/security/products/dimension/apsb22-57.html

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.

Topics