Check out the February 2023 Adobe Patch Tuesday updates
5 min. read
Updated on
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
Key notes
- Adobe has released the monthly security updates for its software.
- For February 2023, we are looking at many code execution bugs.
- CVEs got addressed in InDesign, InCopy, and Adobe Dimension.
We’re pretty sure that many of you have been anxiously waiting for the Adobe Patch Tuesday rollout, and we’re here to make it a bit easier for you to find what you’re looking for.
As you know by now, Microsoft isn’t the only company that has such a rollout on a monthly basis, so in this article, we’re going to talk about Adobe and some of the patches for their products.
And, as we do every month, we will also include links to the download source, so you don’t have to scour the internet to find them.
28 CVEs got addressed this month by Adobe
Before we begin, however, let’s also take a look at what happened in January 2023, when Adobe released 29 CVEs in four patches for Adobe Acrobat and Reader, InDesign, InCopy, and Adobe Dimension.
The highlight of last month’s release was definitely the Reader update which addressed a combination of 15 CVEs, eight of which were ranked Critical in severity.
It should absolutely go without saying that the most severe of these could allow code execution if an attacker convinces a target to open a specially crafted PDF document.
Now that that’s out of the way, let’s get back to the present and explore what the company has prepared for its users as a part of the February batch of patches.
This month, February 2023, we are looking at security fixes for software such as Adobe Photoshop, Substance 3D Stager, Animate, InDesign, Bridge, FrameMaker, Connect, and After Effects.
Photoshop
Without any doubt one of the most used media editing platforms, Adobe makes sure Photoshop is always up to standards.
The PhotoShop patch fixes five bugs, three of which are rated Critical, and an attacker could get arbitrary code execution if they can convince a user on an affected system to open a malicious file
Affected versions
Product | Affected version | Platform |
Photoshop 2022 | 23.5.3 and earlier versions     | Windows and macOS |
Photoshop 2023 | 24.1 and earlier versions | Windows and macOS |
Premier Rush
Don’t think we’re out of the woods just yet, as malicious third parties also target other Adobe-designed applications at the same time.
Thus, this is the same scenario for Premier Rush, which corrects two Critical-rated code execution bugs. so keep that in mind as well.
Affected versions
Product | Version | Platform |
---|---|---|
Adobe Premiere Rush | 2.6 and earlier versions     | Windows |
Animate
If you are an Adobe Animate user, then you have to consider the possibility that your favorite software has been compromised as well.
Yes, as Adobe mentioned on the support page, the Animate patch also fixes three similar critical code execution bugs.
Affected versions
Product | Version | Platform |
---|---|---|
Adobe Animate 2022 | 22.0.8 and earlier versions | Windows and macOS |
Adobe Animate 2023 | 23.0.0 and earlier versions | Windows and macOS |
Bridge
This one is a bit worse than everything we have presented so far, so please be mindful if you are an Adobe Bridge user.
Security experts emphasized that the fix for Adobe Bridge fixes five Critical-rated code execution bugs plus two memory leaks
Affected versions
Product | Version | Platform |
---|---|---|
Adobe Bridge  | 12.0.3 and earlier versions | Windows  and macOS |
Adobe Bridge  | 13.0.1 and earlier versions | Windows  and macOS |
After Effects
There are a lot of us that rely on Adobe’s After Effects for perfecting our products, but this software isn’t immune to attacks.
In fact, After Effects also has a memory leak to go along with three code execution bugs, just as some of its Adobe brothers do.
Affected versions
Product | Version | Platform |
---|---|---|
Adobe After Effects | 23.1 and earlier versions     | Windows and macOS |
Adobe After Effects | 22.6.3 and earlier versions      | Windows and macOS |
Frame Maker
Yes, there still are apps from Adobe that are going through the same ordeal, so the company had to do something quickly.
Thus, the patch for FrameMaker also contains a mix of code execution and memory leak fixes, so the security patch is more than welcome.
Affected versions
Product | Version | Platform |
---|---|---|
Adobe FrameMaker | 2020 Release Update 4 and earlier    | Windows |
Adobe FrameMaker | 2022 Release     | Windows |
This is the first time we mention Adobe Connect in such an article, but the company had to take some immediate measures.
Note that the patch for Adobe Connect fixes a security feature bypass bug, although the company doesn’t provide any further info on what’s being bypassed.
Affected versions
Product | Version | Platform |
---|---|---|
Adobe Connect | 11.4.5  and earlier versions            | All |
Adobe Connect | 12.1.5  and earlier versions     | All |
InDesign
Please keep in mind that the fix for InDesign corrects a denial of service caused by a NULL pointer deref, just in case you didn’t know.
Submit a support ticket to Adobe if you still experience problems after downloading and installing these security updates.
Affected versions
Product | Affected version | Platform |
Adobe InDesign | ID18.1 and earlier version. | Windows and macOS |
Adobe InDesign | ID17.4 and earlier version. | Windows and macOS |
Last, but not least, the fix for Adobe Substance 3D Stager doesn’t actually address any new CVEs, so there’s no need to worry.
That being said, Adobe is updating third-party libraries used by the 3D modeling tool, so there’s another detail to look forward to.
Experts say none of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release.
Have you found any other issues after downloading and installing these updates? Share your thoughts with us in the comments section below.
User forum
0 messages