Patchday: Adobe closes over 50 vulnerabilities in After Effects & Co.
Important security updates fix various Adobe applications. So far, there are no reports of ongoing attacks.
Attackers can exploit several security vulnerabilities in Adobe After Effects, Connect, and Premiere Pro, among others. In the worst case, this can lead to the execution of malicious code. Security patches are available. Currently, there are no indications of attacks in the software manufacturer's security advisories.
Multiple Attack Vectors
According to the classification, the most dangerous is a malicious code vulnerability (CVE-2026-34659, “critical”) in Connect. This allows attackers to execute malicious code. To succeed, according to the vulnerability description, a victim must click on a link prepared by an attacker. macOS and Windows are affected. The developers assure that the security problem in Connect Desktop Application 2026.01.39 (macOS) and 2026.3.125 (Windows) has been resolved.
The highest patch priority applies to 15 vulnerabilities in Adobe Commerce. Here, attackers can, for example, bypass security mechanisms or trigger DoS states, leading to crashes. After Effects is vulnerable through four malicious code flaws. The remaining applications are also primarily susceptible to malicious code attacks. Therefore, administrators should install the security updates promptly to prevent potential attacks.
Install Security Updates Now
As the list of fixed versions of Adobe applications is too extensive for this report, administrators should consult Adobe's security advisories linked below this article. These advisories provide information on the affected and secured versions, as well as details on the closed software vulnerabilities.
Videos by heise
List sorted by patch priority in descending order:
- Commerce
- After Effects
- Connect
- Illustrator
- Media Encoder
- Premiere Pro
- Substance 3D Painter
- Substance 3D Sampler
- Authenticity SDK
- Substance 3D Designer
(des)
