Software maker Adobe on Tuesday shipped patches for a half-dozen security defects in the Substance 3D Stager product and warned that hackers can target the vulnerabilities to launch code execution attacks.
Adobe tagged the vulnerabilities with an ‘important-severity’ rating and urged users on both macOS and Windows platforms to immediately apply the updates.
In the first Patch Tuesday updates for 2004, Adobe documented at least six vulnerabilities in the enterprise-facing 3D rendering software and said successful exploitation could lead to memory leak and arbitrary code execution in the context of the current user.
Adobe recommends that users upgrade to the Substance 3D Stager version 2.1.4 to mitigate the memory safety issues.
The company said it was not aware of any in-the-wild exploitation of the documented software flaws.
Related: Adobe ColdFusion Flaw Exploited in Attacks on US Gov Agency