Adobe releases patches for multiple products, warns of critical flaws
Take action: This is a huge package of updates covering many Adobe applications. As usual, start with Acrobat and Reader, as they are the most common. Then review the rest and plan appropriate patching. While the CVSS score is not very high for most, Adobe has classified a lot of them as critical, possibly not disclosing everything that they know. So don't delay too much.
Adobe has issued security updates for multiple products, addressing 72 vulnerabilities that affect Windows and macOS users. These flaws could potentially allow attackers to execute arbitrary code, cause memory leaks, or launch denial-of-service (DoS) attacks. The updates include patches for several widely-used Adobe applications such as Acrobat and Reader, Illustrator, Photoshop, InDesign, Adobe Commerce, and Dimension.
Key highlights:
- Adobe Acrobat and Reader: 12 vulnerabilities, with eight reported as critical flaws that could lead to code execution (CVE-2024-39383, CVE-2024-39422, CVE-2024-39423, CVE-2024-39424, CVE-2024-39425, CVE-2024-39426, CVE-2024-41830, CVE-2024-41831). Affected versions include Acrobat DC, Acrobat 2024, and Acrobat 2020.
- Adobe Illustrator: Seven vulnerabilities that pose code execution risks, affecting both Windows and macOS systems. One is reported as a critical out-of-bounds write enabling arbitrary code execution (CVE-2024-34133).
- Adobe Photoshop: The update addresses a critical arbitrary code execution vulnerability in versions 24.7.3 and earlier. One is reported as a critical use-after-free enabling arbitrary code execution (CVE-2024-20753).
- Adobe Dimension: Six vulnerabilities leading to arbitrary code execution and memory leaks in version 3.4.11 and earlier. Three are reported as critical (CVE-2024-34124, CVE-2024-41865, CVE-2024-20789).
- Adobe InDesign: 13 flaws, including risks of code execution and application DoS in versions ID19.4 and earlier. Nine are reported as critical and can lead to arbitrary code execution (CVE-2024-39389, CVE-2024-39390, CVE-2024-39391, CVE-2024-41852, CVE-2024-41853, CVE-2024-39393, CVE-2024-39394, CVE-2024-41850, CVE-2024-41851).
- Adobe Commerce: Over 20 vulnerabilities, including those that enable arbitrary code execution, privilege escalation, and security feature bypass. Seven are reported as critical (CVE-2024-39397, CVE-2024-39398, CVE-2024-39399, CVE-2024-39400, CVE-2024-39401, CVE-2024-39402, CVE-2024-39403).
- Adobe Bridge: Three vulnerabilities reported, two of them reported as critical (CVE-2024-39386, CVE-2024-41840).
- Adobe Substance 3D Stager: One critical vulnerability reported (CVE-2024-39388).
- Adobe InCopy: One critical vulnerability reported (CVE-2024-41858).
- Adobe Substance 3D Sampler: Four vulnerabilities reported, one of them reported as critical (CVE-2024-41860).
- Adobe Substance 3D Designer: One critical vulnerability reported (CVE-2024-41864).
Adobe recommends that users apply these updates immediately to secure their systems against potential attacks. The company has stated that there have been no known exploits of these vulnerabilities prior to the release of the patches.