Adobe Patchday: Malicious code vulnerabilities jeopardize Illustrator & Co.
Attackers can exploit several vulnerabilities in Adobe applications to compromise computers.
(Image: Erstellt mit KI in Bing Image Creator durch heise online / dmk)
Several vulnerabilities in Commerce, InCopy, InDesign, Illustrator, Photoshop Elements, Substance 3D Designer and Substance 3D Stager put PCs at risk. Adobe classifies many of the vulnerabilities as"critical". Security updates are available for download for macOS and Windows. There are currently no reports of ongoing attacks.
Execution of malicious code possible
Commerce-based online stores are vulnerable and attackers can gain higher user rights (CVE-2025-24434"critical"), bypass security functions (CVE-2025-24409"high") or execute malicious code (CVE-2025-24412"high"), among other things. Adobe lists the issues equipped against this in an article.
InDesign is protected against various attacks in editions ID19.5.2 and ID20.1. In Illustrator 2024 28.7.4 and Illustrator 2025 29.2.1, the developers have closed three malware vulnerabilities.
Videos by heise
Substance 3D Stager is protected in version 3.1.1. Substance 3D Designer is protected in version 14.1. A malicious code vulnerability (CVE-2025-21156"high") has also been closed in InCopy 19.5.2 and 20.1. Photoshop Elements is only vulnerable under macOS with ARM processors. Issue 2025.1 [build: 20250124.PSE.f552973b, 20250124.PSE.5345f07d (Mac ARM)] provides a remedy.
(des)
