By Yonghui Han | July 13, 2023
This past March, I discovered and reported several zero-day vulnerabilities in Adobe InDesign to Adobe. And on Patch Tuesday, July 11, 2023, Adobe released their security patches to fix them.
The vulnerabilities are identified as CVE-2023-29308, CVE-2023-29309, CVE-2023-29310, CVE-2023-29311, CVE-2023-29312, CVE-2023-29313, CVE-2023-29314, CVE-2023-29315, CVE-2023-29316, CVE-2023-29317, CVE-2023-29318, and CVE-2023-29319. All of these vulnerabilities have been assigned a Critical or Important severity. They also each have different root causes related to a single InDesign plugin. Due to the severity of these vulnerabilities, we suggest that users apply the Adobe patch as soon as possible.
Affected platforms: Windows and macOS
Impacted parties: Users of Adobe InDesign 2023 version 18.3 and earlier. Users of Adobe InDesign 2022 version 17.4.1 and earlier.
Impact: Multiple vulnerabilities leading to memory leaks or arbitrary code execution.
Severity level: Critical and Important
Following are some details on these vulnerabilities. More information can be found on the related Fortinet Zero Day Advisory pages by clicking on the CVE links below:
