Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Adobe Patches Over 160 Vulnerabilities Across 16 Products

Adobe has patched over 160 vulnerabilities across over a dozen products, including Reader, Illustrator, Photoshop and Connect.

Adobe vulnerabilities

Adobe’s December 2024 Patch Tuesday updates address a total of more than 160 vulnerabilities across 16 products.

Roughly 90 of the vulnerabilities were patched in Adobe Experience Manager. A majority are important-severity (medium based on CVSS score) and they allow arbitrary code execution. Some of the flaws can be exploited to bypass security features. CVE-2024-43711 is the only vulnerability with a critical severity (high based on CVSS score).

Adobe patched 22 vulnerabilities in Connect, including several critical and high-severity issues that can be exploited for arbitrary code execution and privilege escalation.

More than a dozen security holes have been resolved in Adobe Animate, all of them described as critical issues (high severity based on CVSS) that can lead to arbitrary code execution. 

Nine vulnerabilities, including arbitrary code execution bugs, have been patched by the software giant in its InDesign product. 

The same number of flaws has been fixed in Substance 3D Modeler. Their exploitation can lead to arbitrary code execution or a DoS condition. In Substance 3D Sampler, Adobe patched three arbitrary code execution vulnerabilities. Two of the same type of vulnerability were fixed In Substance 3D Painter

Six vulnerabilities that can lead to code execution, DoS, or memory leaks have been fixed in Acrobat and Reader.

Adobe Media Encoder updates fix four vulnerabilities that can be exploited for code execution and DoS attacks. Two code execution vulnerabilities were fixed in Illustrator.

Advertisement. Scroll to continue reading.

Adobe has also patched one vulnerability in each of the following products: FrameMaker, Premiere Pro, Bridge, Photoshop, PDFL SDK, and After Effects. They can all lead to code execution. 

Adobe noted in its advisories that it’s not aware of any in-the-wild exploits for the vulnerabilities patched with its latest round of updates. 

Based on their priority ratings, the company does not expect to see any of them getting exploited, but users are still advised to install the available patches when they can.

Related: Adobe Commerce Flaw Exploited to Compromise Thousands of Sites

Related: Adobe Patches Critical Bugs in Commerce and Magento Products

Related: Patch Tuesday: Critical Flaws in Adobe Commerce, Photoshop, InDesign, Illustrator

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.