This issue has been patched in Adobe Flash Player versions 23.0.0.162 and earlier, 21.0.0.213 and earlier and 18.0.0.261 and earlier for Windows and OS X. Adobe Air versions of Adobe Flash Player for Android and iOS are also affected. Mac users should update to the latest version of Adobe Flash Player via the software update mechanism. Adobe recommends using the auto-update functionality on these operating systems. Details on how to apply the update via the auto-update function are provided in the “Fixes” section of this advisory. Adobe recommends administrators review the Application Security section of the security advisories for Adobe for any other patches that may be due to be implemented. Adobe recommends administrators review the Application Security section of the security advisories for Adobe for any other patches that may be due to be implemented. Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.

CVE-2022-35690

This issue has been patched in Adobe Photoshop versions 6.x, 7.x, 8.0.x, and 9.x for Windows and OS X. Adobe Photoshop elements versions 5.6 through 9 are also affected by this vulnerability.

CVE-2022-30733

Adobe has patched this vulnerability in Adobe Story. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.

Resolution

Adobe has released updates to resolve CVE-2022-35689. Updates for Windows and OS X are listed in this advisory, as well as a link to the patch for Adobe Commerce. Macintosh users should update (via the auto-update mechanism) to the latest version of Adobe Flash Player.

What is the Application Securityames Program?

The Application Securityames Program (ASP) is a security program that has been designed by Adobe to identify vulnerabilities in Adobe products, respond to them and enable customers to better protect themselves.
Adobe has worked with the U.S. Department of Homeland Security and other government agencies to improve the way they make software available to their customers. This includes providing better product information, regular security updates and improved documentation.

What to do if you are currently using Adobe products?

Adobe recommends administrators review the Application Security section of the security advisories for Adobe for any other patches that may be due to be implemented.
If you are currently using Adobe products, please install the latest version of Adobe Flash Player via the software update mechanism.

Timeline

Published on: 10/14/2022 20:15:00 UTC
Last modified on: 10/14/2022 20:31:00 UTC

References