Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Adobe Issues Critical Patches for Multiple Products, Warns of Code Execution Risks

Adobe documents at least seven code execution bugs affecting Adobe Premiere Pro, Adobe InDesign and Adobe Bridge on Windows and macOS.

Software maker Adobe on Tuesday released critical-severity patches for security defects in multiple enterprise-facing products and warned that both Windows and macOS are exposed to code execution attacks.

As part of its scheduled batch of Patch Tuesday releases, the company documented at least seven vulnerabilities affecting Adobe Premiere Pro, Adobe InDesign and Adobe Bridge and urged users to immediately install available patches.

“Successful exploitation could lead to arbitrary code execution,” the company warned multiple times.

The raw details: 

  • Adobe Premiere Pro (CVE-2024-34123) — Affected Versions: 24.4.1 and earlier, 23.6.5 and earlier (Windows and macOS). Untrusted search path; CVSS 7.0/10.
  • Adobe InDesign (CVE-2024-20781, CVE-2024-20782, CVE-2024-20783, CVE-2024-20785) — Affected Versions: ID19.3 and earlier, ID18.5.2 and earlier (Windows and macOS). Memory safety issues (CVSS 7.8/10).
  • Adobe Bridge (CVE-2024-34139, CVE-2024-34140). Affected Versions:** 13.0.7 and earlier, 14.1 and earlier (Windows and macOS). Integer overflow, out-of-band read (CVSS 7.8).

Adobe said it was not aware of any exploits in the wild for any of the issues addressed this month.

Related: BlastRADIUS Attack Exposes Critical Flaw in 30-Year-Old RADIUS Protocol

Related: SAP Patches High-Severity Vulnerabilities in PDCE, Commerce

Related: Adobe Ships Hefty Batch of Security Patches 

Related: Adobe Adds Content Credentials and Firefly to Bug Bounty Program

Advertisement. Scroll to continue reading.
Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

SaaS security company AppOmni has hired Joel Wallenstrom as its General Manager.

FTI Consulting has appointed Brett Callow as Managing Director in its Cybersecurity & Data Privacy Communications practice.

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

More People On The Move

Expert Insights