Security Advisory

Adobe Product Security Update Advisory

  • Nov 13 2024

Overview

 

An update has been released to address vulnerabilities in Adobe Products. Users of the affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-45114, CVE-2024-47450, CVE-2024-47451, CVE-2024-47452

  • Illustrator 2024 versions: ~ 28.7.1 (inclusive) (Windows, macOS)

 

CVE-2024-47426, CVE-2024-47427, CVE-2024-47428, CVE-2024-47429, CVE-2024-47430, CVE-2024-47431, CVE-2024-47432, CVE-2024-47433, CVE-2024-47434, CVE-2024-49515, CVE-2024-49516, CVE-2024-49517, CVE-2024-49518, CVE-2024-49519, CVE-2024-49520, CVE-2024-49525

  • Adobe Substance 3D Painter versions: ~ 10.1.0 (inclusive)

 

CVE-2024-49514

  • Photoshop 2023 versions: ~ 24.7.3 (inclusive) (Windows, macOS)
  • Photoshop 2024 versions: ~ 25.11 (inclusive) (Windows, macOS)

 

CVE-2024-47441, CVE-2024-47442, CVE-2024-47443

  • Adobe After Effects versions: ~ 24.6.2 (inclusive) (Windows, macOS)
  • Adobe After Effects versions: ~ 23.6.9 (inclusive) (Windows, macOS)

 

CVE-2024-49507, CVE-2024-49508

  • Adobe InDesign versions: ~ ID19.5 (inclusive) (Windows, macOS)
  • Adobe InDesign versions: ~ ID18.5.2 (inclusive) (Windows, macOS)

 

CVE-2024-49509

  • Adobe InDesign versions: ~ ID19.5 (inclusive) (Windows, macOS)
  • Adobe InDesign versions: ~ ID18.5.3 (inclusive) (Windows, macOS)

 

CVE-2024-49521

  • Adobe Commerce versions: ~ 3.2.5 (inclusive)

 

 

Resolved Vulnerabilities

 

Heap-based buffer overflow vulnerabilities that could result in arbitrary code execution in the context of the current user (CVE-2024-47450, CVE-2024-49517, CVE-2024-49508, CVE-2024-49525, CVE-2024-49509, CVE-2024-49507, CVE-2024-49507, CVE-2024-47431, CVE-2024-47428)

Out-of-bounds write vulnerabilities that could result in arbitrary code execution in the context of the current user (CVE-2024-45114, CVE-2024-47451, CVE-2024-47452, CVE-2024-47433, Cve-2024-47442, cve-2024-49516, cve-2024-49518, cve-2024-49519, cve-2024-47427, cve-2024-47434, cve-2024-47432, cve-2024-47441, cve-2024-47429, cve-2024-47430, cve-2024-47443, cve-2024-49520)

Integer Underflow (Wrap or Wraparound) Vulnerability that could result in arbitrary code execution in the context of the current user (CVE-2024-49514)

Untrusted Search Path Vulnerability (CVE-2024-49515) that could allow an attacker to execute arbitrary code

Double Free vulnerability that could result in arbitrary code execution in the context of the current user (CVE-2024-47426)

Server-side request forgery (SSRF) vulnerability that could lead to security feature bypass (CVE-2024-49521)

 

 

Vulnerability Patches

 

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2024-45114, CVE-2024-47450, CVE-2024-47451, CVE-2024-47452

  • Illustrator 2024 versions: 28.7.2 (Windows, macOS)

 

CVE-2024-47426, CVE-2024-47427, CVE-2024-47428, CVE-2024-47429, CVE-2024-47430, CVE-2024-47431, CVE-2024-47432, CVE-2024-47433, CVE-2024-47434, CVE-2024-49515, CVE-2024-49516, CVE-2024-49517, CVE-2024-49518, CVE-2024-49519, CVE-2024-49520, CVE-2024-49525

  • Adobe Substance 3D Painter version: 10.1.1

 

CVE-2024-49514

  • Photoshop 2023 version: 24.7.4 (Windows, macOS)
  • Photoshop 2024 version: 25.12 (Windows, macOS)

 

CVE-2024-47441, CVE-2024-47442, CVE-2024-47443

  • Adobe After Effects version: 24.6.3 (Windows, macOS)
  • Adobe After Effects version: 25.0 (Windows, macOS)

 

CVE-2024-49507, CVE-2024-49508

  • Adobe InDesign version: ID20.0 (Windows, macOS)
  • Adobe InDesign version: ID18.5.3 (Windows, macOS)

 

CVE-2024-49509

  • Adobe InDesign version: ID20.0 (Windows, macOS)
  • Adobe InDesign version: ID18.5.4 (Windows, macOS)

 

CVE-2024-49521

  • Adobe Commerce version: 3.2.6

 

 

References Sites

 

[1] Security update available for Adobe Commerce | APSB24-90

https://helpx.adobe.com/security/products/magento/apsb24-90.html

[2] Security updates available for Substance 3D Painter | APSB24-86

https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html

[3] Security update available for Adobe Photoshop | APSB24-89

https://helpx.adobe.com/security/products/photoshop/apsb24-89.html

[4] Security Updates Available for Adobe After Effects | APSB24-85

https://helpx.adobe.com/security/products/after_effects/apsb24-85.html

[5] Security Updates Available for Adobe Illustrator | APSB24-87

https://helpx.adobe.com/security/products/illustrator/apsb24-87.html

[6] Security Update Available for Adobe InDesign | APSB24-88

https://helpx.adobe.com/security/products/indesign/apsb24-88.html

Tags:

Previous Post

Next Post