Patch day at Adobe: After Effects & Co. vulnerable to malware attacks
Security patches close several vulnerabilities in Adobe applications. So far, there are no reports of attacks.
(Image: Alfa Photo/Shutterstock.com)
Adobe has fixed its applications Bridge, After Effects, Audition, DNG Software Development Kit (SDK), InDesign, Lightroom Classic, Substance 3D Designer, Substance 3D Modeler, and Substance 3D Stager. Those who do not install the security updates risk attackers executing malicious code on computers. Adobe states that they currently have no indications of attacks.
PCs compromisable
The software manufacturer classifies the majority of the security vulnerabilities as “critical.” In most cases, the versions for macOS and Windows are vulnerable, and attackers can execute malicious code. This usually leads to the complete compromise of systems.
Examples include vulnerabilities in Substance 3D Stager (CVE-2026-21341 “high”) and After Effects (CVE-2026-21318 “high”). For malicious code to reach systems, attackers must trigger memory errors (e.g., Use After Free) through an unspecified method.
Videos by heise
Adobe's developers assure that the security issues have been resolved in the following versions:
- Bridge 15.1.4 (LTS, 16.0.2 (macOS, Windows)
- After Effects 25.6.4, 26.0 (macOS, Windows)
- Audition 25.6, 26.0 (macOS, Windows)
- DNG Software Development Kit (SDK) DNG SDK 1.7.2 build 2410 (all platforms)
- InDesign ID20.5.2, ID21.2 (macOS, Windows)
- Lightroom Classic 14.5.2 LTS, 15.11 (all platforms)
- Substance 3D Designer 15.1.2 (all platforms)
- Substance 3D Modeler 1.22.6 (all platforms)
- Substance 3D Stager 3.1.7 (macOS, Windows)
(des)
