Adobe Patch Day:Critical Malicious Code Vulnerabilities Threaten Photoshop & Co.
Important security updates close vulnerabilities in Adobe applications. Because many gaps are critical, admins should act promptly.
(Image: heise medien)
Adobe is closing security vulnerabilities in Acrobat Reader, Bridge, Connect, ColdFusion, DNG SDK, Experience Manager Screens, FrameMaker, InCopy, InDesign, Illustrator, and Photoshop. In the worst case, malicious code can get onto computers, thus completely compromising systems.
Patch now!
It has been known since last weekend that attackers are exploiting a “critical” security vulnerability (CVE-2026-34621) in Acrobat Reader. Since then, the protected versions Acrobat DC Continuous 26.001.21411, Acrobat Reader DC Continuous 26.001.21411, and Acrobat 2024 Classic 2024 Windows: 24.001.30362 | Mac: 24.001.30360 have also been released.
But this is not the only vulnerability threatening the PDF applications. In versions 26.001.21431 and 24.001.30365, the developers have closed further security vulnerabilities (e.g., CVE-2026-34622 “high”). This is stated in a warning message.
According to an Adobe post, ColdFusion is vulnerable on all platforms via several security vulnerabilities. For example, attackers can also execute malicious code (CVE-2026-27306 “high”) or bypass security mechanisms (CVE-2026-34619 “high”).
According to the developers, Photoshop is also susceptible to malicious code attacks (CVE-2026-27289 “high”). Adobe is not currently detailing how attacks could proceed in detail in all cases.
Videos by heise
Admins can find further information on the vulnerabilities and repaired versions in the linked warning messages:
- Acrobat Reader (already attacked)
- Acrobat Reader
- Bridge
- Connect
- ColdFusion
- DNG SDK
- Experience Manager Screens
- FrameMaker
- InCopy
- InDesign
- Illustrator
- Photoshop
(des)
