9VSA23-00766-01 CSIRT comparte información de Adobe sobre vulnerabilidades que recibieron actualización de seguridad

El CSIRT de Gobierno comparte la información entregada por Adobe sobre nuevas vulnerabilidades que afectan a sus productos, y para las cuales pusieron a disposición actualizaciones de seguridad.

Vulnerabilidades

CVE-2023-21579

CVE-2023-21581

CVE-2023-21585

CVE-2023-21586

CVE-2023-21604

CVE-2023-21605

CVE-2023-21606

CVE-2023-21607

CVE-2023-21608

CVE-2023-21609

CVE-2023-21610

CVE-2023-21611

CVE-2023-21612

CVE-2023-21613

CVE-2023-21614

CVE-2023-21587

CVE-2023-21588

CVE-2023-21589

CVE-2023-21590

CVE-2023-21591

CVE-2023-21592

CVE-2023-21594

CVE-2023-21595

CVE-2023-21596

CVE-2023-21597

CVE-2023-21598

CVE-2023-21599

CVE-2023-21601

CVE-2023-21603

Impacto

Vulnerabilidades de riesgo crítico

CVE-2023-21579, CVE-2023-21604, CVE-2023-21605, CVE-2023-21606, CVE-2023-21607, CVE-2023-21608, CVE-2023-21609 y CVE-2023-21610: Ejecución arbitraria de código en Acrobat DC, Acrobat Reader DC, Acrobat 2020 y Acrobat Reader 2020.

CVE-2023-21587, CVE-2023-21588, CVE-2023-21589y CVE-2023-21590: Ejecución arbitraria de código en Adobe InDesign.

CVE-2023-21594, CVE-2023-21595, CVE-2023-21596 y CVE-2023-21597: Ejecución arbitraria de código en Adobe InCopy.

Productos afectados

Acrobat DC 22.003.20282 (Win), 22.003.20281 (Mac) y anteriores.

Acrobat Reader DC 22.003.20282 (Win), 22.003.20281 (Mac) y anteriores.

Acrobat 2020 20.005.30418 y anteriores.

Acrobat Reader 2020 20.005.30418 y anteriores.

Adobe InDesign ID18.0 y anteriores, ID17.4 y anteriores.

Adobe InCopy ID18.0 y anteriores, ID17.4 y anteriores.

Adobe Dimension 3.4.6 y anteriores.

Mitigación

Instalar las respectivas actualizaciones entregadas por el proveedor.

Enlaces

https://helpx.adobe.com/security/products/acrobat/apsb23-01.html

https://helpx.adobe.com/security/products/indesign/apsb23-07.html

https://helpx.adobe.com/security/products/incopy/apsb23-08.html

https://helpx.adobe.com/security/products/dimension/apsb23-10.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21579

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21581

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21585

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21586

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21587

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21588

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21589

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21590

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21591

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21592

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21594

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21595

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21596

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21597

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21598

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21599

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21601

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21603

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21604

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21605

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21606

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21607

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21608

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21609

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21610

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21611

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21612

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21613

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21614

Informe

El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA23-00766-01.