Summary
Adobe has released security updates to address multiple vulnerabilities, including one with a severity of “critical” and 33 with a severity of “high,” in the products Acrobat Reader, Bridge, Commerce, Dimension, Illustrator, InCopy, InDesign, Photoshop, Substance 3D Designer, Substance 3D Stager.
Risk
Vulnerability impact estimate on the reference community: HIGH/ORANGE (65.38/100)1.
Type
- Arbitrary Code Execution
- Arbitrary File Read
- Privilege Escalation
- Security Feature Bypass
Affected products and/or versions
Adobe
- Acrobat Reader
- Bridge
- Commerce
- Dimension
- Illustrator
- InCopy
- InDesign
- Photoshop
- Substance 3D Designer
- Substance 3D Stager
Mitigation Actions
In line with vendor statements, it is recommended to update vulnerable products following the indications of the security bulletins available at the links in the References section.
Unique Vulnerability Identifiers
The following are the CVEs related to the vulnerabilities with severity “critical” and “high”:
References
https://helpx.adobe.com/security/security-bulletin.html
https://helpx.adobe.com/security/products/illustrator/apsb24-45.html
https://helpx.adobe.com/security/products/dimension/apsb24-47.html
https://helpx.adobe.com/security/products/photoshop/apsb24-49.html
https://helpx.adobe.com/security/products/indesign/apsb24-56.html
https://helpx.adobe.com/security/products/acrobat/apsb24-57.html
https://helpx.adobe.com/security/products/bridge/apsb24-59.html
https://helpx.adobe.com/security/products/substance3d_stager/apsb24-60.html
https://helpx.adobe.com/security/products/magento/apsb24-61.html
https://helpx.adobe.com/security/products/incopy/apsb24-64.html
https://helpx.adobe.com/security/products/substance3d_designer/apsb24-67.html
1This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.
