Adobe releases November 2024 updates for multiple products, including Photoshop, Illustrator, and Commerce
Take action: Another big update from Adobe. Most of the updates fix flaws that Adobe classifies as critical, although the CVSS score is 7.8. This may not call for a panic-mode patching effort, but do plan a rollout of the patches.
Adobe recently released multiple critical security updates for several of its popular software products, addressing vulnerabilities that could allow arbitrary code execution, memory leaks, and denial-of-service attacks. Adobe's security bulletins are listed at https://helpx.adobe.com/security/security-bulletin.html. Here's a summary of the key updates:
Adobe Substance 3D Painter - Adobe has released critical security updates for Substance 3D Painter version 10.1.0 and earlier. The update addresses multiple vulnerabilities that could lead to arbitrary code execution, memory leak, and application denial-of-service.
Critical Vulnerabilities:
- CVE-2024-49525 (CVSS score 7.8) - Heap-based Buffer Overflow
- CVE-2024-49519 (CVSS score 7.8) - Out-of-bounds Write
- CVE-2024-47426 (CVSS score 7.8) - Double Free
- and 13 more critical vulnerabilities with CVSS score 7.8
Important Vulnerabilities:
- CVE-2024-47435 (CVSS score 5.5) - Out-of-bounds Read leading to memory leak
- CVE-2024-47436 (CVSS score 5.5) - Out-of-bounds Read leading to memory leak
- and 4 more important vulnerabilities
Adobe Bridge - Adobe has released security updates for Bridge versions 13.0.9 and earlier, and 14.1.2 and earlier. The update addresses important vulnerabilities:
- CVE-2024-45147 (CVSS score 5.5) - Out-of-bounds Read leading to memory leak
- CVE-2024-47458 (CVSS score 5.5) - NULL Pointer Dereference leading to application denial-of-service
Adobe After Effects - Critical security updates released for After Effects versions 24.6.2 and earlier, and 23.6.9 and earlier, addressing:
Critical Vulnerabilities:
- CVE-2024-47441 (CVSS score 7.8) - Out-of-bounds Write
- CVE-2024-47442 (CVSS score 7.8) - Out-of-bounds Write
- CVE-2024-47443 (CVSS score 7.8) - Out-of-bounds Write
Important Vulnerabilities:
- CVE-2024-47444 (CVSS score 5.5) - Out-of-bounds Read
- CVE-2024-47445 (CVSS score 5.5) - Out-of-bounds Read
- CVE-2024-47446 (CVSS score 5.5) - Out-of-bounds Read
Adobe Illustrator - Security updates released for Illustrator 2024 version 28.7.1 and earlier, addressing:
Critical Vulnerabilities:
- CVE-2024-45114 (CVSS score 7.8) - Out-of-bounds Write
- CVE-2024-47450 (CVSS score 7.8) - Heap-based Buffer Overflow
- CVE-2024-47451 (CVSS score 7.8) - Out-of-bounds Write
- CVE-2024-47452 (CVSS score 7.8) - Out-of-bounds Write
Important Vulnerabilities:
- CVE-2024-47453 through CVE-2024-47456 (CVSS score 5.5) - Out-of-bounds Read
- CVE-2024-47457 (CVSS score 5.5) - NULL Pointer Dereference
Adobe InDesign - Security updates for InDesign versions ID19.5 and earlier, addressing:
Critical Vulnerabilities:
- CVE-2024-49507 (CVSS score 7.8) - Heap-based Buffer Overflow
- CVE-2024-49508 (CVSS score 7.8) - Heap-based Buffer Overflow
- CVE-2024-49509 (CVSS score 7.8) - Heap-based Buffer Overflow
Important Vulnerabilities:
- CVE-2024-49510 through CVE-2024-49512 (CVSS score 5.5) - Out-of-bounds Read
Adobe Photoshop - Security update for Photoshop 2023 (24.7.3 and earlier) and 2024 (25.11 and earlier), addressing:
Critical Vulnerability:
- CVE-2024-49514 (CVSS score 7.8) - Integer Underflow
Adobe Commerce - Security update for Adobe Commerce and Magento Open Source (Commerce Services Connector 3.2.5 and earlier), addressing:
Critical Vulnerability:
- CVE-2024-49521 (CVSS score 7.7) - Server-Side Request Forgery (SSRF)
Adobe has confirmed that there are no known exploits in the wild for any of these vulnerabilities. Users are advised to update to the latest versions through the Creative Cloud desktop app's update mechanism.