Patchday: Adobe closes more than 160 security vulnerabilities in Acrobat & Co.
Several vulnerabilities in Adobe applications can serve as a gateway for attackers. Security updates are available.
(Image: Erstellt mit KI in Bing Image Creator durch heise online / dmk)
Adobe protects Acrobat, Animate, Connect, Experience Manager, InDesign, Illustrator, Media Encoder, Substance 3D Modeler, Substance 3D Painter and Substance 3D Sampler against possible attacks. In total, the software manufacturer has closed more than 160 vulnerabilities with updates for the products.
Countless security vulnerabilities
The majority of the vulnerabilities can be found in Experience Manager. Due to insufficient input checks, attackers can execute malicious code (CVE-2024-43711, risk"high"). The remaining vulnerabilities are classified with a"medium" threat level, allowing attackers to carry out stored-XXS attacks.
All platforms supported by the software are said to be at risk. The developers state that they have resolved the security issues in Cloud Service Release 2024.11 and 6.5.22.
Videos by heise
Several vulnerabilities (e.g. CVE-2024-49530,"high") in Acrobat and Reader also allow malicious actors to deliver malicious code to systems. This affects the PDF programs for macOS and Windows. The same applies to Animate.
Attacks on InDesign can also lead to memory errors. This mainly triggers DoS states, i.e. paralyzes the software. However, malicious code can often also get onto systems in this way. Adobe classifies most of the remaining gaps in the other applications as"critical" because they can lead to the execution of malicious code. In such a case, systems are generally considered to be fully compromised.
Further information on the affected versions and the security patches can be found in the linked warning messages:
- Acrobat and Reader
- Animate
- Connect[link to https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html]
- Experience Manager
- Illustrator
- InDesign
- Media Encoder
- Substance 3D Modeler
- Substance 3D Painter
- Substance 3D Sampler
On Patchday in November, Adobe patched security vulnerabilities in several programs, most of which were classified as high-risk. However, there were nowhere near as many as the 160 or so gaps that the manufacturer is now correcting with software patches in December.
(des)
