Patch Day Adobe: Malicious code vulnerabilities threaten Dreamweaver & Co.
Important security updates fix Adobe ColdFusion and InDesign, among others.
(Image: Alfa Photo / Shutterstock.com)
Attackers can target Windows and macOS PCs through several security vulnerabilities in Adobe applications. In the worst case, malicious code can fully compromise systems. So far, there are no reports of attacks.
The software manufacturer classifies several vulnerabilities as “critical,” even though the official CVSS score categorizes the vulnerabilities with a threat level of “high.”
Security patches available
For example, Adobe Bridge can be attacked via a malicious code vulnerability (CVE-2026-21283 “high”). The basis for this is a memory error (heap-based buffer overflow) triggered by attackers through an unspecified method. Such memory errors are also the basis for malicious code to enter computers in the other applications.
Videos by heise
In the following list, administrators will find the versions secured against possible attacks:
- Bridge 15.1.3 (LTS), 16.0.1 (macOS, Windows)
- ColdFusion 2025 Update 6, ColdFusion 2023 Update 18 (all platforms)
- Dreamweaver 21.7 (macOS, Windows)
- Illustrator 2025 29.8.4, Illustrator 2026 30.1 (macOS, Windows)
- InCopy 21.1, 20.5.1 (macOS, Windows)
- InDesign ID21.1, ID20.5.1 (macOS, Windows)
- Substance 3D Designer 15.0.3 (all platforms)
- Substance 3D Modeler 1.22.5 (all platforms)
- Substance 3D Painter 11.1.2 (all platforms)
- Substance 3D Sampler 5.1.3 (all platforms)
- Substance 3D Stager 3.1.6 (macOS, Windows)
(des)
