Adobe on Tuesday released fixes for at least 72 security vulnerabilities across multiple products and warned that Windows and macOS users are at risk of code execution, memory leaks, and denial-of-service attacks.
The Patch Tuesday rollout addresses critical security defects in Adobe Acrobat and Reader, Illustrator, Photoshop, InDesign, Adobe Commerce, and Dimension and the company is warning that the most severe of these vulnerabilities could allow attackers to take complete control of a target machine.
Adobe documented at least 12 flaws in the widely deployed Adobe Acrobat and Reader software that could expose users to code execution, privilege escalation, and memory leaks.
Affected versions include Acrobat DC, Acrobat 2024, and Acrobat 2020 on both Windows and macOS platforms.
The Adobe Illustrator product was also given a major security update to cover at least 7 documented vulnerabilities on both Windows and macOS systems. Adobe said the Illustrator flaws, rated critical, also introduces code execution risks.
Here’s the raw details on the rest of the Adobe updates:
Adobe Dimension
- Affected Versions: Adobe Dimension 3.4.11 and earlier
- CVE Numbers: CVE-2024-34124, CVE-2024-34125, CVE-2024-34126, CVE-2024-20789, CVE-2024-20790, CVE-2024-41865
- Impact: Arbitrary code execution, memory leak
- Platform: Windows and macOS
- Recommendation: Update to Adobe Dimension Version 4.0.2
Adobe Photoshop
- Affected Versions: Photoshop 2023: Version 24.7.3 and earlier; Photoshop 2024: Version 25.9.1 and earlier
- CVE Number: CVE-2024-34117
- Impact: Arbitrary code execution
- Platform: Windows and macOS
- Recommendation: Update to Photoshop 2023 Version 24.7.4 or Photoshop 2024 Version 25.11
Adobe InDesign
- Affected Versions: InDesign ID19.4 and earlier; InDesign ID18.5.2 and earlier
- 13 documented flaws: CVE-2024-39389, CVE-2024-39390, CVE-2024-39391, CVE-2024-41852, CVE-2024-41853, CVE-2024-39393, CVE-2024-39394, CVE-2024-41850, CVE-2024-41851, CVE-2024-39395, CVE-2024-3412, CVE-2024-41854, CVE-2024-41866
- Impact: Arbitrary code execution, memory leak, application denial-of-service
- Platform: Windows and macOS
- Update Recommendation: Update to InDesign ID19.5 or InDesign ID18.5.3
Adobe Bridge
- Affected Versions: Bridge 13.0.8 and earlier; Bridge 14.1.1 and earlier
- CVE Numbers: CVE-2024-39386, CVE-2024-39387, CVE-2024-41840
- Impact: Arbitrary code execution, memory leak
- Platform: Windows and macOS
- Recommendation: Update to Bridge 13.0.9 or Bridge 14.1.2
Adobe Substance 3D Stager
- Affected Versions: Substance 3D Stager 3.0.2 and earlier
- CVE Number: CVE-2024-39388
- Impact: Arbitrary code execution
- Platform: Windows and macOS
- Update Recommendation: Update to Substance 3D Stager Version 3.0.3
Adobe Commerce
- Affected Versions: Adobe Commerce: Versions 2.4.7-p1 and earlier; Magento Open Source: Versions 2.4.7-p1 and earlier
- CVE Numbers: CVE-2024-39397, CVE-2024-39398, CVE-2024-39399, CVE-2024-39400, CVE-2024-39401, CVE-2024-39402, CVE-2024-39403, CVE-2024-39406, CVE-2024-39404, CVE-2024-39405, CVE-2024-39407, CVE-2024-39408, CVE-2024-39409, CVE-2024-39410, CVE-2024-39411, CVE-2024-39412, CVE-2024-39413, CVE-2024-39414, CVE-2024-39415, CVE-2024-39416, CVE-2024-39417, CVE-2024-39418, CVE-2024-39419
- Impact: Arbitrary code execution, privilege escalation, security feature bypass
- Platform: All
- Recommendation: Update to the latest Adobe Commerce or Magento Open Source versions
Adobe InCopy
- Affected Versions: InCopy 19.4 and earlier; InCopy 18.5.2 and earlier
- CVE Number: CVE-2024-41858
- Impact: Arbitrary code execution
- Platform: Windows and macOS
- Recommendation: Update to InCopy Version 19.5 or Version 18.5.3
Adobe Substance 3D Sampler
- Affected Versions: Substance 3D Sampler 4.5 and earlier
- CVE Numbers: CVE-2024-41860, CVE-2024-41861, CVE-2024-41862, CVE-2024-41863
- Impact: Arbitrary code execution, memory leak
- Platform: All
- Recommendation: Update to Substance 3D Sampler Version 4.5.1
Adobe Substance 3D Designer
- Affected Versions: Substance 3D Designer 13.1.2 and earlier
- CVE Number: CVE-2024-41864
- Impact: Arbitrary code execution
- Platform: All
- Recommendation: Update to Substance 3D Designer Version 13.1.3
Adobe said it was not aware of any of the documented vulnerabilities being exploited prior to the availability of patches.
Related: Recent Adobe Commerce Vulnerability Exploited in Wild
Related: Adobe Issues Critical Product Patches, Warns of Code Execution Risks