Adobe Patchday: Malicious Code Vulnerabilities Threaten InDesign & Co.
Important security updates have been released for Adobe Illustrator, InCopy, and Photoshop, among others.
(Image: heise medien)
Attackers can target systems with Adobe applications and, in the worst case, execute malicious code. Security updates are available for download as part of the Adobe Patchday.
The security vulnerabilities are found in Format Plugins, InCopy, InDesign, Illustrator, Illustrator on iPad, Photoshop, Pass, and Substance 3D Stager. In most cases, attackers can trigger memory errors through an unspecified method and subsequently execute their code. The apps affected are on the Android, macOS, and Windows operating systems. So far, there have been no reports of attacks.
Videos by heise
Adobe's developers assure that the vulnerabilities have been closed in the following versions:
- Format Plugins 1.1.2
- InDesign ID 20.5.1, ID21.0
- Illustrator on iPad 3.0.10
- Illustrator 2025 29.8.3, 2026 30.0
- Photoshop 2025 26.9
- Substance 3D Stager 3.1.6
- InCopy 20.5.1, 21.0
- Pass Authentication Android SDK 3.8.0
In October, Adobe released a total of twelve security advisories for vulnerabilities in the creative apps from the company.
(des)
