Adobe releases May 2024 fixes for critical issues in Reader, Acrobat, Illustrator and other products

Adobe has released a security update as part of its 2024 May Patch Tuesday, addressing a total of 35 vulnerabilities across multiple products. This update addresses issues in Adobe Acrobat and Reader, Adobe Illustrator, Adobe Substance 3D Painter and Designer, Adobe Aero, Adobe Animate, Adobe FrameMaker, and Adobe Dreamweaver.

The update patched 9 critical vulnerabilities in Adobe Acrobat and Reader, detailed under APSB24-29. These vulnerabilities, if exploited, could lead to code execution attacks. The identified vulnerabilities are:

• CVE-2024-30284 (CVSS score 7.8)
• CVE-2024-30310 (CVSS score 7.8)
• CVE-2024-34094 to CVE-2024-34100 (CVSS score 7.8)

 Other patched vulnerabilities in Reader/Acrobat are of a lower severity (CVSS score 5.5 or lower)

• CVE-2024-30311
• CVE-2024-30312
• CVE-2024-34101

These issues impact Acrobat and Reader versions 24.002.20736 and earlier, and 20.005.30574 and earlier on Windows and MacOS

Other patched vulnerabilities

• Adobe Illustrator: Three vulnerabilities (two critical) reported under APSB24-30, affecting versions 28.4 and earlier, and 27.9.3 and earlier.
• Adobe Substance 3D Painter: Four vulnerabilities (two critical), including code execution and memory leak issues, reported under APSB24-31, affecting version 9.1.2 and earlier.
• Adobe Aero: A critical arbitrary code execution bug.
• Adobe Animate: Six critical vulnerabilities allowing code execution.
• Adobe FrameMaker: Eight vulnerabilities (five critical) reported under APSB24-37.
• Adobe Dreamweaver: A critical vulnerability reported under APSB24-39 affecting version 21.3 and earlier.

Adobe has stated that there are currently no known exploits in the wild for these vulnerabilities but is emphasizing the importance of updating affected software.