⚡ TL;DR | Go Straight to the Adobe Acrobat (Reader) Vulnerability Report
Adobe has released a series of updates addressing 25 vulnerabilities across 5 products. All of these vulnerabilities received a CVSS base score between 3.5 and 9.1, with 15 of them being critical. Exploitation could lead to a number of problems like arbitrary code execution, privilege escalation, security feature bypass, and memory leak. For your organization, this could result in the loss or even theft of business-critical or sensitive files and data, disruptions in business operation and application failures.
As the vulnerabilities affect several different Adobe products and versions, you can find lists of the affected versions per product below.
Affected Software and Versions
Adobe Acrobat and Reader
In Adobe Acrobat and Reader for Windows and macOS, 7 vulnerabilities were fixed, 3 of which are critical. For these updates, detailed instructions can be found on Adobe’s bulletin.
| Product | Track | Affected version | Updated Version |
| Acrobat DC | Continuous | 22.001.20169 and earlier versions | 2.200.220.191 |
| Acrobat Reader DC | Continuous | 22.001.20169 and earlier versions | 2.200.220.191 |
| Acrobat 2020 | Classic 2020 | 20.005.30362 and earlier versions | 2.000.530.381 |
| Acrobat Reader 2020 | Classic 2020 | 20.005.30362 and earlier versions | 2.000.530.381 |
| Acrobat 2017 | Classic 2017 | 17.012.30249 and earlier versions | 1.701.230.262 |
| Acrobat Reader 2017 | Classic 2017 | 17.012.30249 and earlier versions | 1.701.230.262 |
Based on this list of affected products and versions shared by Adobe, we have created a special Lansweeper report that will provide a list of all installations in your environment that could be affected by these vulnerabilities.
Adobe Commerce and Magento Open Source
Another 7 vulnerabilities were patched in Adobe Commerce and Magento Open Source for all platforms, 4 critical. However, an attacker would need authentication and admin privileges in order to exploit these vulnerabilities. Still, Adobe recommends that you update your installation to the newest version.
| Product | Affected version | Updated Version | Installation Instructions |
| Adobe Commerce | 2.4.3-p2 and earlier versions | 2.3.7-p4, 2.4.3-p3, 2.4.4-p1, 2.4.5 | 2.4.x release notes 2.3.x release notes |
| 2.3.7-p3 and earlier versions | |||
| Adobe Commerce | 2.4.4 and earlier versions | ||
| Magento Open Source | 2.4.3-p2 and earlier versions | 2.3.7-p4, 2.4.3-p3, 2.4.4-p1, 2.4.5 | |
| 2.3.7-p3 and earlier versions | |||
| Magento Open Source | 2.4.4 and earlier versions |
Adobe Illustrator
In Adobe Illustrator for Windows and macOS, 4 vulnerabilities were fixed, including 2 critical ones. Adobe recommends users update their installation to the newest version via the Creative Cloud desktop app’s update mechanism. You can find more information on their help page.
| Product | Affected version | Updated Version | Availability |
| Illustrator 2022 | 26.3.1 and earlier versions | 26.4 | Download Page |
| Illustrator 2021 | 25.4.6 and earlier versions | 25.4.7 | Download Page |
Adobe FrameMaker
In Adobe Framemaker for Windows, 6 vulnerabilities have been patched, 5 of which were critical. Adobe recommends that you update your installation to the newest version.
| Product | Affected version | Updated Versions | Availability |
| Adobe FrameMaker | 2019 Release Update 8 and earlier | FrameMaker v15.0.8 (2019) | Tech note |
| Adobe FrameMaker | 2020 Release Update 4 and earlier | FrameMaker v16.0.4 (2020) | Tech note |
Adobe Premiere Elements
1 critical vulnerability was fixed in Adobe Premiere Elements for Windows and macOS that could lead to privilege escalation by the current user. You are advised to download the new installer and upgrade your installation.
| Product | Affected version | Updated Versions | Availability |
| Adobe Premiere Elements | 2022 (Version 20.0) | FrameMaker v15.0.8 (2019)2022 (Version 20.0 20220702.Git.main.e4f8578) | Download Center |
Discover Vulnerable Devices
Just like we did for the Adobe Acrobat (Reader) vulnerabilities above, you can use Lansweeper to discover any installs of the vulnerable Adobe products and versions in your network. This way you have an actionable list of devices and software that might require a patch.