Advisory

Adobe releases September 2024 patches for flaws in multiple products, including critical

Take action: A huge package of updates, covering many Adobe applications. Start with Acrobat, Reader and ColdFusion, then review the rest and plan appropriate patching. Adobe has classified a lot of them as critical, so don't delay too much.



Adobe has released a series of security updates across multiple products, addressing critical, important, and moderate vulnerabilities that could potentially lead to arbitrary code execution, memory leaks, denial-of-service (DoS), and other impacts. The updates affect various Adobe applications on both Windows and macOS platforms.

  • Adobe Photoshop - an update for Photoshop, addressing critical vulnerabilities that could lead to arbitrary code execution and memory leaks, including CVE-2024-43756, CVE-2024-43760, CVE-2024-45108, CVE-2024-45109, CVE-2024-45110. Affected Versions - Photoshop 2023: 24.7.4 and earlier (Windows and macOS), Photoshop 2024: 25.11 and earlier (Windows and macOS)
  • Adobe ColdFusion - Security updates for Adobe ColdFusion resolve a critical vulnerability that could allow arbitrary code execution, CVE-2024-41874 (CVSS 9.8). Affected Versions - ColdFusion 2023: Update 9 and earlier (All platforms), ColdFusion 2021: Update 15 and earlier (All platforms)
  • Adobe Acrobat and Reader - Adobe has released updates for Acrobat and Reader, addressing critical vulnerabilities that could lead to arbitrary code execution, including CVE-2024-41869 (CVSS 7.8) and CVE-2024-45112 (CVSS 8.6).
    • A cybersecurity expert is encouraging users to update Adobe Acrobat Reader for CVE-2024-41869, for which a public proof-of-concept (PoC) exploit exists. It's a 'use after free' bug, which occurs when a program attempts to access data from a memory location that has already been freed. If a threat actor manages to store malicious code in that memory location and the program subsequently accesses it, this could result in the execution of the malicious code on the targeted device. Despite its 7.8 CVSS score, which is considered "high" rather than "critical," Adobe has classified the use-after-free vulnerability as "critical," urging sysadmins to prioritize it due to an available proof-of-concept exploit in the wild.
    • Affected Versions:
      • Acrobat DC (Continuous): 24.003.20054 and earlier (Windows), 24.002.21005 and earlier (macOS)
      • Acrobat Reader DC (Continuous): 24.003.20054 and earlier (Windows), 24.002.21005 and earlier (macOS)
      • Acrobat 2024 (Classic 2024): 24.001.30159 and earlier (Windows and macOS)
      • Acrobat 2020 (Classic 2020): 20.005.30655 and earlier (Windows and macOS)
      • Acrobat Reader 2020 (Classic 2020): 20.005.30655 and earlier (Windows and macOS)
  • Adobe Illustrator - Adobe Illustrator updates address multiple vulnerabilities, including critical flaws that could lead to arbitrary code execution, DoS, and memory leaks, including CVE-2024-41857 (CVSS 7.8), CVE-2024-34121 (CVSS 7.8), CVE-2024-41856 (CVSS 7.8), CVE-2024-43758 (CVSS 7.8), CVE-2024-45111 (CVSS 5.5), CVE-2024-43759 (CVSS 3.3). Affected Versions are Illustrator 2024: 28.6 and earlier (Windows and macOS) and Illustrator 2023: 27.9.5 and earlier (Windows and macOS)
  • Adobe Premiere Pro - Adobe Premiere Pro updates address critical and moderate vulnerabilities that could lead to arbitrary code execution and memory leaks including CVE-2024-39384 (CVSS 7.8), CVE-2024-39385 (CVSS 3.3). Affected Versions are Premiere Pro: 24.5 and earlier, 23.6.8 and earlier (Windows and macOS)
  • Adobe After Effects - Updates for Adobe After Effects address critical, important, and moderate vulnerabilities that could lead to arbitrary code execution, memory leaks, and arbitrary file system write, including CVE-2024-39380 (CVSS 7.8), CVE-2024-39381, CVE-2024-41859 (CVSS 7.8), CVE-2024-41867 (CVSS 5.5), CVE-2024-39382 (CVSS 3.3). Affected Versions are After Effects: 24.5 and earlier, 23.6.6 and earlier (Windows and macOS)
  • Adobe Audition - Adobe Audition updates resolve critical and important vulnerabilities that could lead to arbitrary code execution and memory leaks including CVE-2024-39378 (CVSS 7.8), CVE-2024-41868 (CVSS 5.5). Affected Versions are Audition: 24.4.1 and earlier, 23.6.6 and earlier (Windows and macOS)
  • Adobe Media Encoder - Adobe Media Encoder updates address critical and important vulnerabilities, including arbitrary code execution and memory leaks, including CVE-2024-39377 (CVSS 7.8), CVE-2024-41870, CVE-2024-41871, CVE-2024-41872, CVE-2024-41873 (CVSS 5.5). Affected Versions are Media Encoder: 24.5 and earlier, 23.6.8 and earlier (Windows and macOS)
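
To find the Acrobat and Reader installs to patch first, the affected-version list above can be compared against a software inventory. The following is an added example, not Adobe tooling or part of the original advisory: the inventory rows, hostnames and the status labels are constructed for illustration, and "above-listed-range" only means the build is newer than the highest affected build listed here.

```python
from collections import namedtuple

Install = namedtuple("Install", "host product track platform version")

# Highest affected build per product/track/platform, copied from the list above.
_CONT = {"windows": "24.003.20054", "macos": "24.002.21005"}
_C2024 = {"windows": "24.001.30159", "macos": "24.001.30159"}
_C2020 = {"windows": "20.005.30655", "macos": "20.005.30655"}
AFFECTED_MAX = {
    ("Acrobat DC", "Continuous"): _CONT,
    ("Acrobat Reader DC", "Continuous"): _CONT,
    ("Acrobat 2024", "Classic 2024"): _C2024,
    ("Acrobat 2020", "Classic 2020"): _C2020,
    ("Acrobat Reader 2020", "Classic 2020"): _C2020,
}

def parse_version(text):
    """'24.003.20054' -> (24, 3, 20054); ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(int(p) for p in parts)

def classify(inst):
    # The track must come from the inventory: Continuous and Classic 2024
    # builds both start with "24", so the version string alone is ambiguous.
    limit = AFFECTED_MAX.get((inst.product, inst.track), {}).get(inst.platform.lower())
    if limit is None:
        return "unknown"  # product/track/platform not in the list: check by hand
    try:
        installed = parse_version(inst.version)
    except ValueError:
        return "unknown"  # truncated or malformed version: do not guess
    return "affected" if installed <= parse_version(limit) else "above-listed-range"

def affected_hosts(inventory):
    return sorted({i.host for i in inventory if classify(i) == "affected"})

# Constructed inventory: hostnames and installed versions are made up.
INVENTORY = [
    Install("ws-01", "Acrobat Reader DC", "Continuous", "windows", "24.002.21010"),
    Install("mac-07", "Acrobat Reader DC", "Continuous", "macOS", "24.002.21010"),
    Install("ws-02", "Acrobat 2024", "Classic 2024", "windows", "24.001.30160"),
    Install("ws-03", "Acrobat 2020", "Classic 2020", "windows", "20.5.30655"),
    Install("ws-04", "Acrobat DC", "Continuous", "windows", "24.003"),
]
print("patch first:", affected_hosts(INVENTORY))
```

The same build number (24.002.21010) is affected on Windows but above the listed range on macOS, which is why the platform has to be part of the lookup.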

Adobe strongly recommends that users apply these updates promptly to mitigate the risk of potential exploits. For more information on the updates and how to apply them, visit the relevant Adobe product help pages.
