Adobe Patchday: Nine products with security vulnerabilities
Adobe has released security updates for nine products on October Patchday. Admins should install them quickly.
(Image: created with AI in Bing Image Creator by heise online / dmk)
Adobe has published security advisories for nine vulnerable products for the October Patchday. The most serious vulnerabilities are in Adobe Commerce; the developers classify them as critical.
The developers list the nine new security advisories on the overview page of Adobe's security reports. According to this, the programmers have released security updates for Lightroom, InDesign, FrameMaker, Commerce, Animate, Substance 3D Stager, Substance 3D Painter, Dimension and InCopy.
Some vulnerabilities rated critical
The most serious is a vulnerability in the B2B version of Adobe Commerce, which allows attackers to escalate privileges (CVE-2024-45115, CVSS 9.8, risk "critical"). Exploitation does not require prior authentication, nor do malicious actors need to have admin rights beforehand. Adobe classifies most of the other vulnerabilities, including those in the other products, as high risk. IT managers should therefore check whether the vulnerable products are being used in their environments and apply the updates quickly.
The security notifications in detail, sorted by severity:
- Security update available for Adobe Commerce (highest CVSS value: 9.8, risk "critical")
- Security updates available for Adobe Dimension (highest CVSS value: 7.8, high)
- Security updates available for Adobe Animate (highest CVSS value: 7.8, high)
- Security updates available for Adobe InCopy (CVSS 7.8, high)
- Security updates available for Substance 3D Stager (highest CVSS value: 7.8, high)
- Security update available for Adobe InDesign (CVSS 7.8, high)
- Security updates available for Adobe FrameMaker (highest CVSS value: 7.8, high)
- Security updates available for Substance 3D Painter (CVSS 5.5, medium)
- Security updates available for Adobe Lightroom (no CVSS, but classified as "important")
In September, Adobe also patched some critical security vulnerabilities on Patchday. A total of eight products were affected by security-relevant bugs that, for example, allowed malicious code to be injected.
(dmk)