APSB23-52 and CF2018

Question

Hello all,I am aware that Adobe's bulletin reported a security vulnerability for CF2021 and 2023 with an update that remediates it. There was no mention of CF2018 (which I know is no longer supported) being affected by the vulnerability. However, I have read online from CyberCX that this affects CF2018 as well. Our MDR detected the vulnerability on our network despite us having already patched CF2023, so that leads me to believe it detected it on CF2018. Is there any confirmation that this vulnerability affects 2018, and is there any solution for it (besides the obvious upgrade to a supported version)?

Charlie Arehart · Answer

While I'll leave others to confirm whether those vulns in that APSB (and there are several) do affect CF2018 (or earlier), I will assert there's no reason to think the problem is UNIQUE to CF2021 and 2023. As such, it's REASONABLE to presume that it DOES affect earlier CF versions. And only someone with specific knowledge of the details of each of the vulns in that APSB could help us know if there's any way to remediate those earlier versions.

To be clear, as for hoping to hear something from Adobe instead, I'll share my observation from experiance that once an old version reaches end of life (as CF2018 did, in July) and is no longer supported (including security updates), Adobe tends to not address in any way how later vulns might be remediated in such earlier versions.

So as you say, the most dependable solution (to address ALL the vulns in that and another APSB that came out in August) is to upgrade to a supported CF version: currently CF2021 (end of life in Nov 2025, as it came out in Nov 2020) or CF2021 (end of life in May 2028).

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded