Malware & Threats

Adobe Patches Code Execution Flaws in Substance 3D Stager

Patch Tuesday: Adobe patches six security flaws in the Substance 3D Stager product and warned of code execution risks on Windows and macOS.

Published

Adobe Acrobat vulnerability exploited

Software maker Adobe on Tuesday shipped patches for a half-dozen security defects in the Substance 3D Stager product and warned that hackers can target the vulnerabilities to launch code execution attacks.

Adobe tagged the vulnerabilities with an ‘important-severity’ rating and urged users on both macOS and Windows platforms to immediately apply the updates.

In the first Patch Tuesday updates for 2004, Adobe documented at least six vulnerabilities in the enterprise-facing 3D rendering software and said successful exploitation could lead to memory leak and arbitrary code execution in the context of the current user.

Adobe recommends that users upgrade to the Substance 3D Stager version 2.1.4 to mitigate the memory safety issues.

The company said it was not aware of any in-the-wild exploitation of the documented software flaws. 

Related: Adobe ColdFusion Flaw Exploited in Attacks on US Gov Agency 

Related: Adobe Says Critical PDF Reader Bug Being Exploited 

Related: Code Execution Flaws in Adobe Commerce, Photoshop

Advertisement. Scroll to continue reading.
In this article:, , ,

Related Content

Adobe Acrobat vulnerability exploited

Application Security

Adobe Adds Content Credentials and Firefly to Bug Bounty Program

Adobe is providing incentives for bug bounty hackers to report security flaws in its implementation of Content Credentials and Adobe Firefly.

May 1, 2024

Cloud Security

Microsoft Plugs Gaping Hole in Azure Kubernetes Service Confidential Containers

Patch Tuesday: Microsoft warns that unauthenticated hackers can take complete control of Azure Kubernetes clusters.

April 9, 2024

Malware & Threats

Patch Tuesday: Code Execution Flaws in Multiple Adobe Software Products

Adobe calls attention to a pair of code execution bugs in Adobe Commerce and Magento Open Source, a product used to manage online stories.

April 9, 2024

Security Architecture

Patch Tuesday: Microsoft Flags Major Bugs in HyperV, Exchange Server 

Microsoft ships patches for at least 60 security vulnerabilities in the Windows ecosystem and warned of remote code execution risks.

March 12, 2024

Application Security

SAP Patches Critical Command Injection Vulnerabilities

Enterprise software maker SAP documents multiple critical-severity issues and warns of risk of command injection attacks.

March 12, 2024

Risk Management

Adobe Patches Critical Flaws in Enterprise Products

Patch Tuesday: Adobe ships a hefty batch of security updates to fix critical-severity vulnerabilities in multiple enterprise-facing products.

March 12, 2024

Government

US Gov Says Software Measurability is ‘Hardest Problem to Solve’

White House calls for the “timely, complete, and consistent” publication of CVE and CWE data to help solve the security metrics problem.

February 27, 2024

Endpoint Security

Chipmaker Patch Tuesday: AMD and Intel Patch Over 100 Vulnerabilities

AMD and Intel patch dozens of vulnerabilities on February 2024 Patch Tuesday, including multiple high-severity bugs.

February 14, 2024

Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version