9VSA23-00766-01 CSIRT shares information from Adobe on vulnerabilities that received security updates
The Government CSIRT shares the information provided by Adobe on new vulnerabilities affecting its products, for which security updates have been made available.
Vulnerabilities
CVE-2023-21579
CVE-2023-21581
CVE-2023-21585
CVE-2023-21586
CVE-2023-21604
CVE-2023-21605
CVE-2023-21606
CVE-2023-21607
CVE-2023-21608
CVE-2023-21609
CVE-2023-21610
CVE-2023-21611
CVE-2023-21612
CVE-2023-21613
CVE-2023-21614
CVE-2023-21587
CVE-2023-21588
CVE-2023-21589
CVE-2023-21590
CVE-2023-21591
CVE-2023-21592
CVE-2023-21594
CVE-2023-21595
CVE-2023-21596
CVE-2023-21597
CVE-2023-21598
CVE-2023-21599
CVE-2023-21601
CVE-2023-21603
Impact
Critical-risk vulnerabilities
CVE-2023-21579, CVE-2023-21604, CVE-2023-21605, CVE-2023-21606, CVE-2023-21607, CVE-2023-21608, CVE-2023-21609 and CVE-2023-21610: Arbitrary code execution in Acrobat DC, Acrobat Reader DC, Acrobat 2020 and Acrobat Reader 2020.
CVE-2023-21587, CVE-2023-21588, CVE-2023-21589 and CVE-2023-21590: Arbitrary code execution in Adobe InDesign.
CVE-2023-21594, CVE-2023-21595, CVE-2023-21596 and CVE-2023-21597: Arbitrary code execution in Adobe InCopy.
Affected products
Acrobat DC 22.003.20282 (Win), 22.003.20281 (Mac) and earlier.
Acrobat Reader DC 22.003.20282 (Win), 22.003.20281 (Mac) and earlier.
Acrobat 2020 20.005.30418 and earlier.
Acrobat Reader 2020 20.005.30418 and earlier.
Adobe InDesign ID18.0 and earlier, ID17.4 and earlier.
Adobe InCopy ID18.0 and earlier, ID17.4 and earlier.
Adobe Dimension 3.4.6 and earlier.
Mitigation
Install the respective updates provided by the vendor.
Links
https://helpx.adobe.com/security/products/acrobat/apsb23-01.html
https://helpx.adobe.com/security/products/indesign/apsb23-07.html
https://helpx.adobe.com/security/products/incopy/apsb23-08.html
https://helpx.adobe.com/security/products/dimension/apsb23-10.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21579
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21585
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21586
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21588
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21589
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21590
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21591
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21592
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21594
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21595
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21596
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21597
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21598
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21601
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21603
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21604
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21606
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21607
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21608
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21609
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21611
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21612
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21613
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21614
Report
The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA23-00766-01.