Download the May 2022 Adobe Patch Tuesday updates
4 min. read
Published on
Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more
Key notes
- Are you waiting on your monthly Patch Tuesday update rollout?
- Adobe has just finished releasing a new set of patches today.
- All the download links you need are right here in this article.
No doubt, many of you are waiting for the Patch Tuesday monthly batch of security updates and we’re here to make it a bit easier for you to find what you’re looking for.
It goes without saying that Microsoft isn’t the only company that has such a rollout on a monthly basis. So, in this article, we’re going to talk about Adobe and some of the patches for their products.
As we’re pretty sure you know by now, we will also include links to the download source, so you don’t have to scour the internet to find them.
Adobe Framemaker needed the most work this month
Although many didn’t foresee it, last month was a pretty busy one for Adobe, with four updates addressing 70 CVEs in Acrobat and Reader, Photoshop, After Effects, and Adobe Commerce.
May is a lot more light in terms of updates volume, so there really wasn’t that much to fix this time around.
This month, Adobe only released five updates addressing 18 CVEs in Adobe CloudFusion, InCopy, Framemaker, InDesign, and Adobe Character Animator.
Out of all the updates in this rollout, the largest one is the fix for Framemaker, with 10 CVEs in total, out of which nine are Critical-rated bugs that could lead to code execution.
Security experts explained that this could be the case mostly due to Out-of-Bounds (OOB) Write vulnerabilities.
Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Numbers |
---|---|---|---|---|---|
Out-of-bounds Write(CWE-787) | Arbitrary code execution | Critical | 7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-28821 |
Out-of-bounds Write(CWE-787) | Arbitrary code execution | Critical | 7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-28822 |
Use After Free (CWE-416) | Arbitrary code execution | Critical | 7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-28823 |
Use After Free (CWE-416) | Arbitrary code execution | Critical | 7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-28824 |
Out-of-bounds Write(CWE-787) | Arbitrary code execution | Critical | 7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-28825 |
Out-of-bounds Write(CWE-787) | Arbitrary code execution | Critical | 7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-28826 |
Out-of-bounds Write(CWE-787) | Arbitrary code execution | Critical | 7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-28827 |
Out-of-bounds Write(CWE-787) | Arbitrary code execution | Critical | 7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-28828 |
Out-of-bounds Write(CWE-787) | Arbitrary code execution | Critical | 7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-28829 |
Out-of-bounds Read (CWE-125) | Memory Leak | Important | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | CVE-2022-28830 |
Moving on, the software fixes for InDesign address three Critical-rated bugs that could also lead to code execution, out of which two are due to OOB Writes while one is an OOB Read.
Adobe also issued fix patches for InCopy. In this case, we’re talking about three Critical-rated code execution bugs.
Two OOB Writes plus a Use-After-Free (UAF), just in case that was going to be your next question on this subject.
We also got a patch for Character Animator, one that fixes a single, Critical-rated OOB Write code execution bug.
And, last but not least, the ColdFusion patch corrects an Important-rated reflected cross-site scripting (XSS) bug.
It’s also important to know that none of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release.
What’s your take on this month’s release? Share your thoughts with us in the comments section below.
User forum
0 messages