On Update Tuesday on September 12, Adobe released several security updates to close five vulnerabilities in several programs, some of which are classified as critical. A vulnerability in the PDF tools is already being attacked. Adobe therefore assigns the highest priority level 1 to the PDF updates and the lowest priority level 3 to the others.
Adobe Updates in September
| Product | vulnerable version(s) | vulnerable version(s) | Vulnerabilities | Risk |
|---|---|---|---|---|
| Acrobat and Reader DC | 23.003.20284 and older | 23.006.20320 | 1 | critical |
| Acrobat and Reader 2020 | 20.005.30516 and older | 20.005.30524 | 1 | critical |
| Experience Manager (AEM) | 6.5.17.0 and older | 6.5.18.0 | 2 | high |
| AEM | AEM Cloud Service (CS) | 2023.8 | 2 | high |
| Connect | 12.3 and older | 12.4.1 | 2 | high |
In August, Adobe fixed 30 vulnerabilities in its PDF tools, Acrobat and Acrobat Reader. In September, only one more is added. Adobe classifies the vulnerability CVE-2023-26369 as critical.
The Adobe Experience Manager (AEM) has two cross-site scripting vulnerabilities up to and including version 6.5.17.0. They could allow an attacker to execute arbitrary code and are considered high risk. Those who use it will automatically receive an update to release 2023.8. For AEM 6.5, the manufacturer offers an update to the secure version 6.5.18.0.
The vulnerabilities will be closed with the update to version 12.4.1.
