Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
SYSTEMS AFFECTED:
RISK:
Government:
Businesses:
Home users: Low
TECHNICAL SUMMARY:
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Details of these vulnerabilities are as follows:
Tactic: Execution (TA0002):
Technique: Exploitation for Client Execution (T1203)
Technique: User Execution (T1204)
Adobe Animate
Adobe Bridge
Adobe Illustrator
Adobe InCopy
Adobe InDesign
RoboHelp Server
RECOMMENDATIONS:
We recommend the following actions be taken:
1. Apply the appropriate updates provided by Adobe to vulnerable systems immediately after appropriate testing. (M1051: Update Software)
2. Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources. Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources. (M1017: User Training)
3. Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. (M1026: Privileged Account Management)
5. Block execution of code on a system through application control and/or script blocking. (M1038: Execution Prevention)
5. Restrict execution of code to a virtual environment on or in transit to an endpoint system. (M1048: Application Isolation and Sandboxing)
6. Use capabilities to prevent suspicious behavior patterns from occurring on endpoint systems. This could include suspicious process, file, API call, etc. behavior. (M1040: Behavior Prevention on Endpoint)
Safeguard 13.7: Deploy a Host-Based Intrusion Prevention Solution: Deploy a host-based intrusion prevention solution on enterprise assets, where appropriate and/or supported. Example implementations include use of an Endpoint Detection and Response (EDR) client or host-based IPS agent.
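To act on recommendation 1, an administrator first needs to know which of the affected products are installed and at what version. The following PowerShell script is an added example, not part of this advisory and not Adobe's tooling; it reads the standard Windows Uninstall registry keys (64-bit, 32-bit and per-user views) for the six product names listed under TECHNICAL SUMMARY and reports the installed versions. The fixed version numbers are not reproduced on this page, so the script does not hard-code them: the optional FixedVersions hashtable is a placeholder the operator fills in from the APSB bulletins under REFERENCES, and installs are only flagged as vulnerable when such a threshold is supplied. The function and parameter names are this example's own.

```powershell
# Added example (not from the advisory or from Adobe): inventory the Adobe products named
# in this advisory and, where the operator supplies fixed versions taken from the APSB
# bulletins, flag installs that are still below the fixed version.
# Assumes Windows and the standard Uninstall registry locations.

$AdvisoryProducts = @(
    'Adobe Animate',
    'Adobe Bridge',
    'Adobe Illustrator',
    'Adobe InCopy',
    'Adobe InDesign',
    'RoboHelp Server'
)

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-AdvisoryAdobeInstalls {
    [CmdletBinding()]
    param(
        [string[]]$Products = $AdvisoryProducts,
        [string[]]$Keys = $UninstallKeys,
        # Placeholder: fill from the Adobe bulletins, e.g. @{ 'Adobe InDesign' = '17.3' }.
        # Values here are NOT taken from this page; leave empty to inventory only.
        [hashtable]$FixedVersions = @{}
    )

    Get-ItemProperty -Path $Keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            $entry = $_
            foreach ($product in $Products) {
                # DisplayName usually carries a year suffix, e.g. "Adobe InDesign 2022".
                if ($entry.DisplayName -like "$product*") {
                    $vulnerable = $null   # unknown until a fixed version is supplied
                    if ($FixedVersions.ContainsKey($product)) {
                        try {
                            $installed = [version]$entry.DisplayVersion
                            $fixed     = [version]$FixedVersions[$product]
                            $vulnerable = $installed -lt $fixed
                        } catch {
                            # Non-numeric version strings cannot be compared; report as unknown.
                            $vulnerable = $null
                        }
                    }
                    [PSCustomObject]@{
                        ComputerName   = $env:COMPUTERNAME
                        Product        = $product
                        DisplayName    = $entry.DisplayName
                        DisplayVersion = $entry.DisplayVersion
                        FixedVersion   = $FixedVersions[$product]
                        Vulnerable     = $vulnerable
                        Publisher      = $entry.Publisher
                        InstallDate    = $entry.InstallDate
                    }
                    break
                }
            }
        }
}

# Local run: print a table. Pipe to Export-Csv to feed patch tracking, or wrap the call in
# Invoke-Command -ComputerName for a fleet-wide inventory.
Get-AdvisoryAdobeInstalls | Sort-Object Product, DisplayVersion | Format-Table -AutoSize
```

Entries with Vulnerable set to $true are the ones recommendation 1 applies to; entries with a blank Vulnerable column need a fixed version supplied before a decision can be made. macOS installs of the Creative Cloud applications are not covered by the registry query and should be inventoried separately.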
REFERENCES:
Adobe: https://helpx.adobe.com/security/security-bulletin.html
https://helpx.adobe.com/security/products/animate/apsb22-24.html
https://helpx.adobe.com/security/products/bridge/apsb22-25.html
https://helpx.adobe.com/security/products/illustrator/apsb22-26.html
https://helpx.adobe.com/security/products/indesign/apsb22-30.html
https://helpx.adobe.com/security/products/robohelp-server/apsb22-31.html
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24542
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24544
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24548
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24549
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28839
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30637
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30640
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30641
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30642
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30643
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30645
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30646
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30649
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30653
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30654
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30655
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30656
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30657
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30658
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30659
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30661
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30662
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30663
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30666
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30667
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30668
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30669
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30670