Check out the February 2023 Adobe Patch Tuesday updates

Reading time icon 5 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

Key notes

  • Adobe has released the monthly security updates for its software.
  • For February 2023, we are looking at many code execution bugs.
  • CVEs got addressed in  InDesign, InCopy, and Adobe Dimension.
adobe patch tuesday

We’re pretty sure that many of you have been anxiously waiting for the Adobe Patch Tuesday rollout, and we’re here to make it a bit easier for you to find what you’re looking for.

As you know by now, Microsoft isn’t the only company that has such a rollout on a monthly basis, so in this article, we’re going to talk about Adobe and some of the patches for their products.

And, as we do every month, we will also include links to the download source, so you don’t have to scour the internet to find them.

28 CVEs got addressed this month by Adobe

Before we begin, however, let’s also take a look at what happened in January 2023, when Adobe released 29 CVEs in four patches for Adobe Acrobat and Reader, InDesign, InCopy, and Adobe Dimension.

The highlight of last month’s release was definitely the Reader update which addressed a combination of 15 CVEs, eight of which were ranked Critical in severity.

It should absolutely go without saying that the most severe of these could allow code execution if an attacker convinces a target to open a specially crafted PDF document.

Now that that’s out of the way, let’s get back to the present and explore what the company has prepared for its users as a part of the February batch of patches.

This month, February 2023, we are looking at security fixes for software such as Adobe Photoshop, Substance 3D Stager, Animate, InDesign, Bridge, FrameMaker, Connect, and After Effects.

Photoshop

Without any doubt one of the most used media editing platforms, Adobe makes sure Photoshop is always up to standards.

The PhotoShop patch fixes five bugs, three of which are rated Critical, and an attacker could get arbitrary code execution if they can convince a user on an affected system to open a malicious file

Affected versions

ProductAffected versionPlatform
Photoshop 202223.5.3 and earlier versions     Windows and macOS
Photoshop 202324.1 and earlier versionsWindows and macOS

Premier Rush

Don’t think we’re out of the woods just yet, as malicious third parties also target other Adobe-designed applications at the same time.

Thus, this is the same scenario for Premier Rush, which corrects two Critical-rated code execution bugs. so keep that in mind as well.

Affected versions

ProductVersionPlatform
Adobe Premiere Rush2.6 and earlier versions      Windows

Animate

If you are an Adobe Animate user, then you have to consider the possibility that your favorite software has been compromised as well.

Yes, as Adobe mentioned on the support page, the Animate patch also fixes three similar critical code execution bugs.

Affected versions

ProductVersionPlatform
Adobe Animate 202222.0.8 and earlier versionsWindows and macOS
Adobe Animate 202323.0.0 and earlier versionsWindows and macOS

Bridge

This one is a bit worse than everything we have presented so far, so please be mindful if you are an Adobe Bridge user.

Security experts emphasized that the fix for Adobe Bridge fixes five Critical-rated code execution bugs plus two memory leaks

Affected versions

ProductVersionPlatform
Adobe Bridge  12.0.3 and earlier versions Windows  and macOS
Adobe Bridge  13.0.1 and earlier versions Windows  and macOS

After Effects

There are a lot of us that rely on Adobe’s After Effects for perfecting our products, but this software isn’t immune to attacks.

In fact, After Effects also has a memory leak to go along with three code execution bugs, just as some of its Adobe brothers do.

Affected versions

ProductVersionPlatform
Adobe After Effects23.1 and earlier versions     Windows and macOS
Adobe After Effects22.6.3 and earlier versions     Windows and macOS

Frame Maker

Yes, there still are apps from Adobe that are going through the same ordeal, so the company had to do something quickly.

Thus, the patch for FrameMaker also contains a mix of code execution and memory leak fixes, so the security patch is more than welcome.

Affected versions

ProductVersionPlatform
Adobe FrameMaker2020 Release Update 4 and earlier    
  
Windows
Adobe FrameMaker2022 Release
    
Windows

This is the first time we mention Adobe Connect in such an article, but the company had to take some immediate measures.

Note that the patch for Adobe Connect fixes a security feature bypass bug, although the company doesn’t provide any further info on what’s being bypassed.

Affected versions

ProductVersionPlatform
Adobe Connect11.4.5  and earlier versions            All
Adobe Connect12.1.5  and earlier versions    All

InDesign

Please keep in mind that the fix for InDesign corrects a denial of service caused by a NULL pointer deref, just in case you didn’t know.

Submit a support ticket to Adobe if you still experience problems after downloading and installing these security updates.

Affected versions

ProductAffected versionPlatform
Adobe InDesignID18.1 and earlier version.Windows and macOS 
Adobe InDesignID17.4 and earlier version.                                         Windows and macOS 

Last, but not least, the fix for Adobe Substance 3D Stager doesn’t actually address any new CVEs, so there’s no need to worry.

That being said, Adobe is updating third-party libraries used by the 3D modeling tool, so there’s another detail to look forward to.

Experts say none of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release.

Have you found any other issues after downloading and installing these updates? Share your thoughts with us in the comments section below.

More about the topics: patch tuesday

User forum

0 messages