Adobe Family April 2024 Routine Security Update Advisory

Overview

 

Adobe (https://adobe.com) has released a security update that addresses vulnerabilities in its products. Users of affected systems are advised to update to the latest version.

 

Affected Products

 

Adobe After Effects 24.1 or below

Adobe After Effects 23.6.2 or below

Photoshop 2023 24.7.2 or below

Photoshop 2024 25.3.1 or below

Adobe Commerce 2.4.7-beta3

2.4.6-p4

2.4.5-p6

2.4.4-p7

2.4.3-ext-6

2.4.2-ext-6

2.4.1-ext-6

2.4.0-ext-6

2.3.7-p4-ext-6* and below

Magento Open Source 2.4.7-beta3

2.4.6-p4

2.4.5-p6

2.4.4-p7 or below

Adobe InDesign ID19.2 or below

Adobe InDesign ID18.5.1 or below

Adobe Experience Manager (AEM) Cloud Service (CS)

Adobe Experience Manager (AEM) 6.5.19 or below

Adobe Media Encoder 24.2.1 or below

Adobe Media Encoder 23.6.4 or below

Adobe Bridge 13.0.6 or below

Adobe Bridge 14.0.2 or below

Illustrator 2024 28.3 or below

Illustrator 2023 27.9.2 or below

Adobe Animate 2023 23.0.4 or below

Adobe Animate 2024 24.0.1 or below

 

Resolved Vulnerabilities

 

Memory leak vulnerability due to an out-of-bounds read in memory in Adobe After Effects (CVE-2024-20737)

Memory leak vulnerability due to an out-of-bounds read in memory in Photoshop 2023 (CVE-2024-20770)

Arbitrary code execution vulnerability due to lack of input validation in Adobe Commerce (CVE-2024-20758)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Commerce (CVE-2024-20759)

Memory leak vulnerability due to an out-of-bounds read of memory in Adobe InDesign (CVE-2024-20766)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26046)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26047)

Security feature bypass vulnerability due to information leakage in Adobe Experience Manager (AEM) (CVE-2024-26076)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26079)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26084)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26087)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26097)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26098)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26122)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-20778)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-20779)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-20780)

Arbitrary code execution vulnerability due to buffer overflow in Adobe Media Encoder (CVE-2024-20772)

Memory leak vulnerability due to an out-of-bounds read of memory in Adobe Bridge (CVE-2024-20771)

Memory leak vulnerability due to an out-of-bounds read in memory in Illustrator 2024 (CVE-2024-20798)

Arbitrary code execution vulnerability in Illustrator (CVE-2024-30271, CVE-2024-30272, CVE-2024-30273)

Arbitrary code execution vulnerability due to an out-of-bounds read in memory in Adobe Animate 2023 (CVE-2024-20797)

Arbitrary code execution vulnerability due to an integer overflow in Adobe Animate 2023 (CVE-2024-20795)

Memory leak vulnerability due to an out-of-bounds read of a memory value in Adobe Animate 2023 (CVE-2024-20796)

Application denial of service vulnerability due to a NULL pointer dereference in Adobe Animate 2023 (CVE-2024-20794)

 

Vulnerability Patches

 

The following product-specific vulnerability patches were made available in the 04/09/2024 update:

Adobe After Effects 23.6.5

Download Center

Photoshop 2023 24.7.3

Check the Adobe Referenced Sites below

Photoshop 2024 25.4

Check Adobe Referenced Sites below

Magento Open Source

2.4.7 for 2.4.7-beta3 and earlier

2.4.6-p5 for 2.4.6-p4 and earlier

2.4.5-p7 for 2.4.5-p6 and earlier

2.4.4-p8 for 2.4.4-p7 and earlier

2.4.x release notes

Note: * These versions are only applicable to customers participating in the Extended Support Program

Adobe InDesign ID19.3

Check out the Adobe Referenced Sites below

Adobe InDesign ID18.5.2

See Adobe Referenced Sites below

Adobe Experience Manager (AEM) 6.5.20

AEM 6.5 Service Pack Release Notes

Adobe Media Encoder 23.6.5

Check Adobe Referenced Sites below

Adobe Bridge 14.0.3

Download Page

Illustrator 2024 28.4

Illustrator 2023 27.9.3

Download Page

Adobe Animate 2024 24.0.2

Download Center

 

Referenced Sites

 

Security Bulletins and Advisories

https://helpx.adobe.com/security.html/security/security-bulletin.ug.html

APSB24-09 : Security update available for Adobe After Effects

https://helpx.adobe.com/security/products/after_effects/apsb24-09.html

APSB24-16 : Security update available for Adobe Photoshop

https://helpx.adobe.com/security/products/photoshop/apsb24-16.html

APSB24-18 : Security update available for Adobe Commerce

https://helpx.adobe.com/security/products/magento/apsb24-18.html

APSB24-20 : Security update available for Adobe InDesign

https://helpx.adobe.com/security/products/indesign/apsb24-20.html

APSB24-21 : Security update available for Adobe Experience Manager

https://helpx.adobe.com/security/products/experience-manager/apsb24-21.html

APSB24-23 : Security update available for Adobe Media Encoder

https://helpx.adobe.com/security/products/media-encoder/apsb24-23.html

APSB24-24 : Security update available for Adobe Bridge

https://helpx.adobe.com/security/products/bridge/apsb24-24.html

APSB24-25 : Security update available for Adobe Illustrator

https://helpx.adobe.com/security/products/illustrator/apsb24-25.html

APSB24-26 : Security update available for Adobe Animate

https://helpx.adobe.com/security/products/animate/apsb24-26.html
