Alert GCSA-23116 - Adobe Security Bulletin

******************************************************************

Alert ID: GCSA-23116
Data: 14 Settembre 2023
Titolo: Adobe Security Bulletin - Settembre 2023

******************************************************************

:: Descrizione del problema

Adobe ha rilasciato i seguenti aggiornamenti di sicurezza

APSB23-33 Security update available for Adobe Connect
APSB23-34 Security update available for Adobe Acrobat and Reader
APSB23-43 Security update available for Adobe Experience Manager

NOTA: la vulnerabilita' CVE-2023-26369 relativa ad Acrobat and Reader
risulta sfruttata attivamente in rete

Maggiori informazioni sono disponibili alla sezione "Riferimenti".

:: Software interessato

Acrobat DC versione 23.003.20284 e precedenti
Acrobat Reader DC versione 23.003.20284 e precedenti
Acrobat 2020 versione 20.005.30516 (Mac) e precedenti
Acrobat 2020 versione 20.005.30514 (Win) e precedenti
Acrobat Reader 2020 versione 20.005.30516 (Mac) e precedenti
Acrobat Reader 2020 versione 20.005.30514 (Win) e precedenti
Adobe Experience Manager (AEM) AEM Cloud Service (CS) versione 2023.8 e precedenti
Adobe Experience Manager (AEM) versione 6.5.17.0 e precedenti
Adobe Connect versione 12.3 e precedenti

:: Impatto

Esecuzione remota di codice arbitrario (RCE)
Cross-site Scripting

:: Soluzioni

Aggiornare i software alle ultime versioni:

Adobe Connect 12.4.1
Acrobat DC 23.006.20320 (Windows e Mac)
Acrobat Reader DC 23.006.20320 (Windows e Mac)
Acrobat 2020 20.005.30524 (Windows e Mac)
Acrobat Reader 2020 20.005.30524 (Windows e Mac)

:: Riferimenti

Adobe Security Bulletins e Advisories
https://helpx.adobe.com/security/security-bulletin.html
https://helpx.adobe.com/security/products/connect/apsb23-33.html
https://helpx.adobe.com/security/products/acrobat/apsb23-34.html
https://helpx.adobe.com/security/products/experience-manager/apsb23-43.html

CSIRT Italia
https://www.csirt.gov.it/contenuti/adobe-rilascia-aggiornamenti-per-sanare-diverse-vulnerabilita-al03-230913-csirt-ita

CIS - Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-adobe-products-could-allow-for-arbitrary-code-execution_2023-105

Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26369
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29306
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38214
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38215

GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert

-----BEGIN PGP SIGNATURE-----

iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZQLohQAKCRDBnEyTZRJg
Qh0tAJ9RPwUED+gQ+Et7Jv4bs49SDyPIkgCg3afek3pI5Fkg8p6bk+fh5aJKiEo=
=vTOw
-----END PGP SIGNATURE-----

Cerca nel blog

alerts.gdaverio.it

Alert GCSA-23116 - Adobe Security Bulletin - Settembre 2023