Malware & Threats

Adobe Patches Critical Flaws in Reader, Acrobat

Adobe documents multiple code execution flaws in a wide range of products, including the widely deployed Adobe Acrobat and Reader software.

Published

Adobe vulnerabilities

Software maker Adobe on Tuesday documented 35 security vulnerabilities in a wide range of products and urged users to pay immediate attention to critical-severity bugs in its widely deployed Adobe Acrobat and Reader programs.

As part of its scheduled batch of Patch Tuesday updates, Adobe patched a dozen security bugs in Acrobat and Reader and slapped a critical-severity label on several issues that expose users to code execution attacks.

According to an advisory from Adobe PSIRT, the Acrobat and Reader vulnerabilities affect both Windows and macOS users

The company said it was not aware of any exploits in the wild for any of the documented issues.

The security-themed updates also cover critical code execution vulnerabilities in Adobe Illustrator (Windows and macOS); code execution and memory leak software defects in Adobe Substance 3D Painter; an arbitrary code execution bug in Adobe Aero;  and critical issues in the Adobe Animate software.

The company also shipped patches for Adobe Framemaker and Adobe Dreamweaver (Windows and MacOS).

Advertisement. Scroll to continue reading.

Here’s a full summary Adobe’s May batch of security patches:

APSB24-29: Adobe Acrobat and Reader

  • CVE Numbers Addressed: CVE-2024-30284, CVE-2024-30310, CVE-2024-34094, CVE-2024-34095, CVE-2024-34096, CVE-2024-34097, CVE-2024-34098, CVE-2024-34099, CVE-2024-34100, CVE-2024-30311, CVE-2024-30312, CVE-2024-34101
  • Number of CVEs: 12
  • Affected Versions: 24.002.20736 and earlier, 20.005.30574 and earlier
  • Platform: Windows, macOS

APSB24-30: Adobe Illustrator

  • CVE Numbers Addressed: CVE-2024-20791, CVE-2024-20792, CVE-2024-20793
  • Number of CVEs: 3
  • Affected Versions: 28.4 and earlier, 27.9.3 and earlier
  • Platform: Windows, macOS

APSB24-31: Adobe Substance 3D Painter

  • CVE Numbers Addressed: CVE-2024-30274, CVE-2024-30307, CVE-2024-30308, CVE-2024-30309
  • Number of CVEs: 4
  • Affected Versions: 9.1.2 and earlier
  • Platform: All

APSB24-33: Adobe Aero

  • CVE Number Addressed: CVE-2024-30275
  • Number of CVEs: 1
  • Affected Versions: 0.23.4 and earlier
  • Platform: Windows, macOS

APSB24-35: Adobe Substance 3D Designer

  • CVE Number Addressed: CVE-2024-30281
  • Number of CVEs: 1
  • Affected Versions: 13.1.1 and earlier
  • Platform: All

APSB24-36: Adobe Animate

  • CVE identifiers: CVE-2024-30282, CVE-2024-30293, CVE-2024-30294, CVE-2024-30298, CVE-2024-30295, CVE-2024-30296, CVE-2024-30297
  • Number of CVEs: 7
  • Affected Versions: 23.0.5 and earlier, 24.0.2 and earlier
  • Platform: Windows, macOS

APSB24-37: Adobe FrameMaker

  • CVE Numbers Addressed: CVE-2024-30283, CVE-2024-30286, CVE-2024-30287, CVE-2024-30288, CVE-2024-30289, CVE-2024-30290, CVE-2024-30291, CVE-2024-30292
  • Number of CVEs: 8
  • Affected Versions: 2020 Release Update 5 and earlier, 2022 Release Update 3 and earlier
  • Platform: Windows

APSB24-39: Adobe Dreamweaver

  • CVE Number Addressed: CVE-2024-30314
  • Number of CVEs: 1
  • Affected Versions: 21.3 and earlier
  • Platform: Windows, macOS

Related: Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS

Related: Exploited Chrome Zero-Day Patched by Google

Related: SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver

Related: VMware Patches Vulnerabilities Exploited at Pwn2Own 2024

In this article:, ,

Related Content

Ivanti Fortinet Splunk vulnerability patches

Vulnerabilities

Critical Vulnerabilities Patched in Fortinet, Ivanti Products

Two OS command injection flaws can be exploited remotely, without authentication, for arbitrary code execution.

4 days ago

ICS/OT

ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Phoenix Contact

In addition, Rockwell Automation announced some enhancements to its SecureOT cybersecurity solution for OT.

4 days ago

Vulnerabilities

Microsoft Patches 200 Vulnerabilities

Three of the vulnerabilities fixed with the latest Patch Tuesday updates were publicly disclosed before Microsoft addressed them.

4 days ago

Vulnerabilities

Adobe Patches 123 Vulnerabilities

Nearly half of the security holes, most allowing arbitrary code execution, have been fixed in Adobe’s Experience Manager product.

4 days ago

Vulnerabilities

Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities

The two chip giants have published over two dozen advisories describing recently identified security defects.

May 13, 2026

Vulnerabilities

Microsoft Patches 137 Vulnerabilities

Fresh security updates resolve critical flaws in Azure, Windows, Dynamics 365, and the SSO Plugin for Jira & Confluence.

May 12, 2026

Vulnerabilities

Adobe Patches 52 Vulnerabilities in 10 Products

While none of the flaws have been exploited in the wild, many of them could lead to arbitrary code execution.

May 12, 2026

Vulnerabilities

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Experts say this is the second-largest Microsoft Patch Tuesday ever based on CVE count.

April 14, 2026

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version