Download the June 2022 Adobe Patch Tuesday updates
5 min. read
Published on
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
Key notes
- Are you waiting on your monthly Patch Tuesday update rollout?
- Adobe has just finished releasing a new set of patches today.
- All the download links you need are right here in this article.
No doubt, many of you are waiting for the Patch Tuesday monthly batch of security updates and we’re here to make it a bit easier for you to find what you’re looking for.
It goes without saying that Microsoft isn’t the only company that has such a rollout on a monthly basis. So, in this article, we’re going to talk about Adobe and some of the patches for their products.
As we’re pretty sure you know by now, we will also include links to the download source, so you don’t have to scour the internet to find them.
Adobe releases a batch of fixes for 46 CVEs
May 2022 was a pretty light month for Adobe, with five updates addressing 18 CVEs in Adobe CloudFusion, InCopy, Framemaker, InDesign, and Adobe Character Animator.
Out of all the updates in last month’s rollout, the largest one is the fix for Framemaker, with 10 CVEs in total, out of which nine are Critical-rated bugs that could lead to code execution.
However, for June 2022, This month, the company released six patches addressing 46 CVEs in Adobe Illustrator, InDesign, InCopy, Bridge, Robohelp, and Animate.
By far the largest update belongs to Illustrator, which addresses 17 total CVEs, with the most severe of these bugs allowing code execution if an affected system opens a specially crafted file.
Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Numbers |
---|---|---|---|---|---|
Out-of-bounds Write (CWE-787) | Arbitrary code execution | Critical | 7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-30637 |
Improper Input Validation (CWE-20) | Arbitrary code execution | Critical | 7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-30638 |
Out-of-bounds Write (CWE-787) | Arbitrary code execution | Critical | 7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-30639 |
Out-of-bounds Write (CWE-787) | Arbitrary code execution | Critical | 7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-30640 |
Out-of-bounds Write (CWE-787) | Arbitrary code execution | Critical | 7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-30641 |
Out-of-bounds Write (CWE-787) | Arbitrary code execution | Critical | 7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-30642 |
Out-of-bounds Write (CWE-787) | Arbitrary code execution | Critical | 7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-30643 |
Use After Free (CWE-416) | Arbitrary code execution | Critical | 7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-30644 |
Out-of-bounds Write (CWE-787) | Arbitrary code execution | Critical | 7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-30645 |
Improper Input Validation (CWE-20) | Arbitrary code execution | Critical | 7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-30646 |
Use After Free (CWE-416) | Arbitrary code execution | Critical | 7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-30647 |
Use After Free (CWE-416) | Arbitrary code execution | Critical | 7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-30648 |
Out-of-bounds Write (CWE-787) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-30649 |
Out-of-bounds Read (CWE-125) | Memory leak | Important | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | CVE-2022-30666 |
Out-of-bounds Read (CWE-125) | Memory leak | Important | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | CVE-2022-30667 |
Out-of-bounds Read (CWE-125) | Memory leak | Important | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | CVE-2022-30668 |
Out-of-bounds Read (CWE-125) | Memory leak | Moderate | 3.3 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | CVE-2022-30669 |
You should also know that the big majority of these bugs fall into the Out-Of-Bounds (OOB) Write category.
If you are a Bridge user, then you should definitely acknowledge the fact that the update for Adobe Bridge fixes 12 bugs, 11 of which are rated Critical.
Next, we get to talk about the InCopy update, one that brings fixes eight Critical-rated bugs, all of which could lead to arbitrary code execution.
Moving on to the InDesign app, the patch fixes seven Critical-rated arbitrary code execution bugs, just in case you were wondering.
That being said, for both InDesign and InCopy, the bugs are a mix of OOB Read, OOB Write, heap overflow, and Use-After-Free (UAF) vulnerabilities.
There is only one bug fixed by the Animate patch, and it is also a Critical-rated OOB Write that could lead to arbitrary code execution.
We haven’t forgotten about Robohelp, where Adobe released a patch that fixes a Moderate-rated privilege escalation bug caused by improper authorization.
This is what you are looking at in terms of Patch Tuesday releases for Adobe for the month of July 2022, so hurry up and get the software.
What’s your take on this month’s release? Share your thoughts with us in the comments section below.
User forum
0 messages