Adobe Releases Critical Updates for Multiple Products


⚡ TL;DR | Go Straight to the Adobe Security Update Report

Adobe has released its September Security Update, addressing 63 vulnerabilities across 7 products. All of these vulnerabilities received a CVSS base score between 5.3 and 7.8, and 35 of them are critical. Exploitation could lead to problems such as arbitrary code execution, security feature bypass, arbitrary file system read, and memory leak. For your organization, this could result in the loss or even theft of business-critical or sensitive files and data, disruptions in business operations, and application failures.

As the vulnerabilities affect several different Adobe products and versions, you can find lists of the affected versions per product below.

Affected Software and Versions

Adobe Experience Manager

In Adobe Experience Manager, 11 vulnerabilities were fixed, though none of them are critical. Detailed update instructions can be found in Adobe's bulletin (APSB22-40). If you are running Adobe Experience Manager's Cloud Service, you will automatically receive updates that include new features as well as security and functionality bug fixes.

| Product | Affected version | Updated version | Availability |
| --- | --- | --- | --- |
| Adobe Experience Manager (AEM) | AEM Cloud Service (CS) | AEM Cloud Service (CS) | Release Notes |
| | 6.5.13.0 and earlier versions | 6.5.14.0 | AEM 6.5 Service Pack Release Notes |

Adobe Bridge

Another 12 vulnerabilities were patched in Adobe Bridge (APSB22-49) for Windows and macOS, 10 of them critical. Adobe recommends that you update your installation to the newest version via the Creative Cloud desktop app's update mechanism. Detailed instructions are available on the help page.

| Product | Affected version | Updated version | Availability |
| --- | --- | --- | --- |
| Adobe Bridge | 12.0.2 and earlier versions | 12.0.3 | Download Page |
| | 11.1.3 and earlier versions | 11.1.4 | Download Page |

Adobe InDesign 

In Adobe InDesign (APSB22-50) for Windows and macOS, 18 vulnerabilities were fixed, including 8 critical ones. Adobe recommends users update their installation to the newest version via the Creative Cloud desktop app's update mechanism. You can find more information on their help page.

| Product | Affected version | Updated version |
| --- | --- | --- |
| Adobe InDesign | 17.3 and earlier versions | 17.4 |
| | 16.4.2 and earlier versions | 16.4.3 |

Adobe Photoshop

In Adobe Photoshop 2021 and 2022 (APSB22-52) for Windows and macOS, 10 vulnerabilities have been patched, 9 of which were critical. Adobe recommends that you update your installation to the newest version via the Creative Cloud desktop app's update mechanism. You can find more information on the help page.

| Product | Affected version | Updated version |
| --- | --- | --- |
| Photoshop 2021 | 22.5.8 and earlier versions | 22.5.9 |
| Photoshop 2022 | 23.4.2 and earlier versions | 23.5 |

Adobe InCopy 

7 vulnerabilities were fixed in Adobe InCopy (APSB22-53) for Windows and macOS, 5 of which are critical. You are advised to update your software installations via the Creative Cloud desktop app updater, or by navigating to the InCopy Help menu and clicking "Updates." More information can be found on the help page.

| Product | Affected version | Updated version |
| --- | --- | --- |
| Adobe InCopy | 17.3 and earlier versions | 17.4 |
| | 16.4.2 and earlier versions | 16.4.3 |

Adobe Animate

In Adobe Animate 2021 and 2022 (APSB22-54), 2 critical vulnerabilities were patched that could lead to arbitrary code execution in the context of the current user. Adobe recommends that you update your installation using the Creative Cloud desktop app's updater. You can find more details on the help page.

| Product | Affected version | Updated version | Availability |
| --- | --- | --- | --- |
| Adobe Animate 2021 | 21.0.11 and earlier versions | 21.0.12 | Download Center |
| Adobe Animate 2022 | 22.0.7 and earlier versions | 22.0.8 | Download Center |

Adobe Illustrator 

Finally, 3 more vulnerabilities were patched in Adobe Illustrator 2021 and 2022 (APSB22-55), 1 of them critical. These can also be updated via the Creative Cloud desktop app's update mechanism. For more information, you can check the help page.

| Product | Affected version | Updated version | Availability |
| --- | --- | --- | --- |
| Illustrator 2022 | 26.4 and earlier versions | 26.5 | Download Page |
| Illustrator 2021 | 25.4.7 and earlier versions | 25.4.8 | Download Page |

Discover Vulnerable Devices

You can use Lansweeper to discover any installs of vulnerable Adobe products and versions in your network. This way you have an actionable list of devices and software that might require a patch. Based on this list of affected products and versions shared by Adobe, we have created a special Lansweeper report that will provide a list of all installations in your environment that could be affected by these vulnerabilities.
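The version check behind such a list can be sketched as follows. This is an added example, not Lansweeper's report or Adobe's code: the fixed versions are copied from the tables above, while the product keys, function names and sample inventory are constructed, and installed versions are assumed to be dotted numeric strings. AEM Cloud Service is left out because it updates automatically.

```python
# Added example: first fixed version per release branch, taken from the
# tables on this page. Product keys are hypothetical inventory names.
FIXED = {
    "Adobe Experience Manager": ["6.5.14.0"],
    "Adobe Bridge": ["11.1.4", "12.0.3"],
    "Adobe InDesign": ["16.4.3", "17.4"],
    "Adobe Photoshop": ["22.5.9", "23.5"],
    "Adobe InCopy": ["16.4.3", "17.4"],
    "Adobe Animate": ["21.0.12", "22.0.8"],
    "Adobe Illustrator": ["25.4.8", "26.5"],
}

def parse(version, width=4):
    """'17.4' -> (17, 4, 0, 0), so that 17.4 and 17.4.0 compare equal."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def required_update(product, installed):
    """Return the fixed version to install, or None if not affected."""
    have = parse(installed)
    for fixed in sorted(FIXED.get(product, []), key=parse):
        # Pick the lowest branch whose major version is >= the installed
        # major, so releases older than every listed branch ("and earlier
        # versions") are still flagged.
        if parse(fixed)[0] >= have[0]:
            return fixed if have < parse(fixed) else None
    return None  # unknown product, or newer major than any listed branch

def audit(inventory):
    """Return (host, product, installed, fixed) for every affected install."""
    findings = []
    for host, product, version in inventory:
        fixed = required_update(product, version)
        if fixed:
            findings.append((host, product, version, fixed))
    return findings

# Constructed sample inventory: (host, product, installed version)
INVENTORY = [
    ("ws-014", "Adobe InDesign", "17.3"),
    ("ws-015", "Adobe InDesign", "17.4.0"),
    ("ws-020", "Adobe Photoshop", "22.5.8"),
    ("ws-021", "Adobe Photoshop", "23.5"),
    ("ws-030", "Adobe Bridge", "10.1.2"),
    ("ws-031", "Adobe Illustrator", "27.0"),
    ("aem-01", "Adobe Experience Manager", "6.5.13.0"),
]

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print("%s: %s %s -> update to %s" % row)
```

Padding the parsed version matters: without it, Python would order `(17, 4)` before `(17, 4, 0)` and report a patched 17.4.0 install as vulnerable.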

Adobe September 2022 CVE Codes & Categories

| CVE number | Vulnerability category | CVSS base score |
| --- | --- | --- |
| CVE-2022-30677 | Cross-site Scripting (XSS) (CWE-79) | 5.4 |
| CVE-2022-30678 | Cross-site Scripting (XSS) (CWE-79) | 5.4 |
| CVE-2022-30680 | Cross-site Scripting (XSS) (CWE-79) | 5.4 |
| CVE-2022-30681 | Cross-site Scripting (Stored XSS) (CWE-79) | 5.4 |
| CVE-2022-30682 | Cross-site Scripting (Stored XSS) (CWE-79) | 6.4 |
| CVE-2022-30683 | Violation of Secure Design Principles (CWE-657) | 5.3 |
| CVE-2022-30684 | Cross-site Scripting (Reflected XSS) (CWE-79) | 5.4 |
| CVE-2022-30685 | Cross-site Scripting (Reflected XSS) (CWE-79) | 5.4 |
| CVE-2022-30686 | Cross-site Scripting (Reflected XSS) (CWE-79) | 5.4 |
| CVE-2022-35664 | Cross-site Scripting (Reflected XSS) (CWE-79) | 5.4 |
| CVE-2022-34218 | Cross-site Scripting (Reflected XSS) (CWE-79) | 5.4 |
| CVE-2022-35699 | Out-of-bounds Write (CWE-787) | 7.8 |
| CVE-2022-35700 | Out-of-bounds Write (CWE-787) | 7.8 |
| CVE-2022-35701 | Out-of-bounds Write (CWE-787) | 7.8 |
| CVE-2022-35702 | Out-of-bounds Read (CWE-125) | 7.8 |
| CVE-2022-35703 | Out-of-bounds Read (CWE-125) | 7.8 |
| CVE-2022-35704 | Use After Free (CWE-416) | 7.8 |
| CVE-2022-35705 | Out-of-bounds Read (CWE-125) | 7.8 |
| CVE-2022-35706 | Heap-based Buffer Overflow (CWE-122) | 7.8 |
| CVE-2022-35707 | Out-of-bounds Read (CWE-125) | 7.8 |
| CVE-2022-35708 | Heap-based Buffer Overflow (CWE-122) | 7.8 |
| CVE-2022-35709 | Use After Free (CWE-416) | 5.5 |
| CVE-2022-38425 | Use After Free (CWE-416) | 5.5 |
| CVE-2022-28851 (This CVE is only available in the latest version, ID 17.4) | Improper Input Validation (CWE-20) | 7.5 |
| CVE-2022-28852 | Out-of-bounds Write (CWE-787) | 7.8 |
| CVE-2022-28853 | Out-of-bounds Write (CWE-787) | 7.8 |
| CVE-2022-28854 | Out-of-bounds Read (CWE-125) | 5.5 |
| CVE-2022-28855 | Out-of-bounds Read (CWE-125) | 5.5 |
| CVE-2022-28856 | Out-of-bounds Read (CWE-125) | 5.5 |
| CVE-2022-28857 | Out-of-bounds Read (CWE-125) | 5.5 |
| CVE-2022-30671 | Out-of-bounds Read (CWE-125) | 5.5 |
| CVE-2022-30672 | Out-of-bounds Read (CWE-125) | 5.5 |
| CVE-2022-30673 | Out-of-bounds Read (CWE-125) | 5.5 |
| CVE-2022-30674 | Out-of-bounds Read (CWE-125) | 5.5 |
| CVE-2022-30675 | Out-of-bounds Read (CWE-125) | 5.5 |
| CVE-2022-30676 | Out-of-bounds Read (CWE-125) | 5.5 |
| CVE-2022-38413 | Heap-based Buffer Overflow (CWE-122) | 7.8 |
| CVE-2022-38414 | Heap-based Buffer Overflow (CWE-122) | 7.8 |
| CVE-2022-38415 | Heap-based Buffer Overflow (CWE-122) | 7.8 |
| CVE-2022-38416 | Out-of-bounds Read (CWE-125) | 7.8 |
| CVE-2022-38417 | Out-of-bounds Read (CWE-125) | 7.8 |
| CVE-2022-35713 | Out-of-bounds Write (CWE-787) | 7.8 |
| CVE-2022-38426 | Access of Uninitialized Pointer (CWE-824) | 7.8 |
| CVE-2022-38427 | Access of Uninitialized Pointer (CWE-824) | 7.8 |
| CVE-2022-38428 | Use After Free (CWE-416) | 5.5 |
| CVE-2022-38429 | Out-of-bounds Read (CWE-125) | 7.8 |
| CVE-2022-38430 | Out-of-bounds Read (CWE-125) | 7.8 |
| CVE-2022-38431 | Out-of-bounds Read (CWE-125) | 7.8 |
| CVE-2022-38432 | Heap-based Buffer Overflow (CWE-122) | 7.8 |
| CVE-2022-38433 | Heap-based Buffer Overflow (CWE-122) | 7.8 |
| CVE-2022-38434 | Use After Free (CWE-416) | 7.8 |
| CVE-2022-38401 | Heap-based Buffer Overflow (CWE-122) | 7.8 |
| CVE-2022-38402 | Out-of-bounds Read (CWE-125) | 7.8 |
| CVE-2022-38403 | Out-of-bounds Read (CWE-125) | 7.8 |
| CVE-2022-38404 | Heap-based Buffer Overflow (CWE-122) | 7.8 |
| CVE-2022-38405 | Heap-based Buffer Overflow (CWE-122) | 7.8 |
| CVE-2022-38406 | Out-of-bounds Read (CWE-125) | 5.5 |
| CVE-2022-38407 | Out-of-bounds Read (CWE-125) | 5.5 |
| CVE-2022-38411 | Heap-based Buffer Overflow (CWE-122) | 7.8 |
| CVE-2022-38412 | Out-of-bounds Read (CWE-125) | 7.8 |
| CVE-2022-38408 | Improper Input Validation (CWE-20) | 7.8 |
| CVE-2022-38409 | Out-of-bounds Read (CWE-125) | 5.5 |
| CVE-2022-38410 | Out-of-bounds Read (CWE-125) | 5.5 |