In early 2022, I discovered and reported five zero-day vulnerabilities in Adobe Illustrator to Adobe, Inc. On Tuesday, June 14, 2022, Adobe released a security patch that fixed these vulnerabilities. They are identified as CVE-2022-30649, CVE-2022-30666, CVE-2022-30667, CVE-2022-30668, and CVE-2022-30669. These vulnerabilities have different root causes related to two Illustrator plugins. All of these vulnerabilities are assigned a Critical or Important severity. We suggest users apply the Adobe patches as soon as possible.
Affected platforms: Windows and MacOS
Impacted parties: Users of Adobe Illustrator 2022, versions 26.0.2 and earlier, Users of Adobe Illustrator 2021, versions 25.4.5 and earlier
Impact: Multiple vulnerabilities leading to Arbitrary Code Execution or Memory Leak
Severity level: Critical and Important