Adobe Patches Over 160 Vulnerabilities Across 16 Products

1 week ago 9
News Banner

Looking for an Interim or Fractional CTO to support your business?

Read more

Adobe’s December 2024 Patch Tuesday updates address a total of more than 160 vulnerabilities across 16 products.

Roughly 90 of the vulnerabilities were patched in Adobe Experience Manager. A majority are important-severity (medium based on CVSS score) and they allow arbitrary code execution. Some of the flaws can be exploited to bypass security features. CVE-2024-43711 is the only vulnerability with a critical severity (high based on CVSS score).

Adobe patched 22 vulnerabilities in Connect, including several critical and high-severity issues that can be exploited for arbitrary code execution and privilege escalation.

More than a dozen security holes have been resolved in Adobe Animate, all of them described as critical issues (high severity based on CVSS) that can lead to arbitrary code execution. 

Nine vulnerabilities, including arbitrary code execution bugs, have been patched by the software giant in its InDesign product. 

The same number of flaws has been fixed in Substance 3D Modeler. Their exploitation can lead to arbitrary code execution or a DoS condition. In Substance 3D Sampler, Adobe patched three arbitrary code execution vulnerabilities. Two of the same type of vulnerability were fixed In Substance 3D Painter

Six vulnerabilities that can lead to code execution, DoS, or memory leaks have been fixed in Acrobat and Reader.

Adobe Media Encoder updates fix four vulnerabilities that can be exploited for code execution and DoS attacks. Two code execution vulnerabilities were fixed in Illustrator.

Advertisement. Scroll to continue reading.

Adobe has also patched one vulnerability in each of the following products: FrameMaker, Premiere Pro, Bridge, Photoshop, PDFL SDK, and After Effects. They can all lead to code execution. 

Adobe noted in its advisories that it’s not aware of any in-the-wild exploits for the vulnerabilities patched with its latest round of updates. 

Based on their priority ratings, the company does not expect to see any of them getting exploited, but users are still advised to install the available patches when they can.

Related: Adobe Commerce Flaw Exploited to Compromise Thousands of Sites

Related: Adobe Patches Critical Bugs in Commerce and Magento Products

Related: Patch Tuesday: Critical Flaws in Adobe Commerce, Photoshop, InDesign, Illustrator

Read Entire Article