Alert GCSA-23050 - Adobe Security Bulletin - Aprile 2023


******************************************************************

Alert ID: GCSA-23050
Data: 13 Aprile 2023
Titolo: Adobe Security Bulletin - Aprile 2023

******************************************************************


:: Descrizione del problema

Adobe ha rilasciato i seguenti aggiornamenti di sicurezza:

APSB23-04 : Security update available for Adobe Digital Editions
APSB23-13 : Security update available for Adobe InCopy
APSB23-24 : Security update available for Adobe Acrobat and Reader
APSB23-26 : Security update available for Adobe Substance 3D Stager
APSB23-27 : Security update available for Adobe Dimension
APSB23-28 : Security update available for Adobe Substance 3D Designer

Maggiori informazioni sono disponibili alla sezione "Riferimenti".


:: Software interessato

Adobe Digital Editions versione 4.5.11.187303 e precedenti per Windows
Adobe InCopy versioni 18.1 e 17.4 e precedenti per Windows e macOS
Adobe Acrobat e Acrobat Reader DC versione 23.001.20093 e precedenti per Windows e macOS
Adove Acrobat e Acrobat Reader 2020 versione 20.005.30441 e precedenti per Windows e macOS
Adobe Substance 3D Stager versione 2.0.1 e precedenti per Windows e macOS
Adobe Dimension versione 3.4.8 e precedenti per Windows e macOS
Adobe Substance 3D Designer versione 12.4.0 e precedenti per Windows e macOS


:: Impatto

Esecuzione remota di codice arbitrario (RCE)
Acquisizione di privilegi piu' elevati (EoP)
Rivelazione di informazioni (ID)
Bypass delle funzionalita' di sicurezza (SFB)


:: Soluzioni

Aggiornare i software alle ultime versioni

Adobe Digital Editions 4.5.11.187658 per Windows
Adobe InCopy 18.2 e 17.4.1 per Windows e macOS
Adobe Acrobat e Acrobat Reader DC 23.001.20143 per Windows e macOS
Adobe Acrobat e Acrobat Reader 2020 20.005.30467 per Windows e macOS
Adobe Substance 3D Stager 2.0.1 per Windows e macOS
Adobe Dimension 3.4.9 per Windows e macOS
Adobe Substance 3D Designer 12.4.1 per Windows e macOS


:: Riferimenti

Adobe Security Bulletins e Advisories
https://helpx.adobe.com/security/security-bulletin.html
https://helpx.adobe.com/security/products/Digital-Editions/apsb23-04.html
https://helpx.adobe.com/security/products/incopy/apsb23-13.html
https://helpx.adobe.com/security/products/acrobat/apsb23-24.html
https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html
https://helpx.adobe.com/security/products/dimension/apsb23-27.html
https://helpx.adobe.com/security/products/substance3d_designer/apsb23-28.html

CSIRT Italia
https://www.csirt.gov.it/contenuti/adobe-rilascia-aggiornamenti-per-sanare-diverse-vulnerabilita-al02-230412-csirt-ita

CISA
https://www.cisa.gov/news-events/alerts/2023/04/11/adobe-releases-security-updates-multiple-products

CIS - Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-adobe-products-could-allow-for-arbitrary-code-execution_2023-039

Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29531
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29532
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29533
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29534
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29536
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29538
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29539
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29542
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29544
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29548
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29549
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29551




GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert




-----BEGIN PGP SIGNATURE-----

iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZDfZpgAKCRDBnEyTZRJg
QuaoAJ4i5WgmQRAtw0QiXyjCIGtgKmkIsQCglYwbdJ5/LwkqXvjnb/P6FsJV49E=
=cVa+
-----END PGP SIGNATURE-----