Adobe Security Update: Critical Vulnerabilities Patched


Adobe announced a series of important security updates aimed at addressing several vulnerabilities across its product suite. These vulnerabilities could potentially allow cybercriminals to execute arbitrary code and gain unauthorized access to systems. With the increase in cyber threats, this Adobe security update is a move to enhance the safety of its software and protect users.

Adobe has released a security update for Substance 3D Painter (APSB24-52) on October 8, 2024. This update is classified with a priority level of 3 and addresses a memory leak vulnerability identified as CVE-2024-20787, which carries an important severity rating. Users of version 10.0.1 and earlier are advised to update to version 10.1.0 through Creative Cloud to mitigate this risk.

Overview of Key Adobe Security Updates

Adobe has issued updates for Adobe Commerce and Magento (APSB24-73), also released on October 8, 2024. This update has a priority level of 2 and addresses multiple critical vulnerabilities that could lead to code execution and privilege escalation. Various affected versions across Adobe Commerce and Magento are detailed in the original advisory. Users are strongly encouraged to update to the latest specified versions to ensure their systems remain secure.  

Importantly, Adobe has confirmed that it is not aware of any active exploits targeting these vulnerabilities, providing reassurance to users who depend on the company’s security measures. 

Detailed Patches for Adobe Commerce B2B and Magento

In a focused effort to address critical security issues, Adobe has released isolated patches for both Adobe Commerce B2B and Magento. For Adobe Commerce B2B, the company has introduced several patches: version 1.4.2-p3 for 1.4.2-p2 and earlier, 1.3.5-p8 for 1.3.5-p7 and earlier, 1.3.4-p10 for 1.3.4-p9 and earlier, and 1.3.3-p11 for 1.3.3-p10 and earlier.   

This update carries a priority level of 2 and addresses several critical vulnerabilities, including CVE-2024-45115, which involves critical privilege escalation (CVSS score of 9.8), CVE-2024-45148, a critical security feature bypass (CVSS score of 8.8), and CVE-2024-45116, which relates to critical cross-site scripting (XSS) vulnerabilities (CVSS score of 8.1).  

For Magento Open Source, Adobe has released patches as well: version 2.4.7-p3 for 2.4.7-p2 and earlier, 2.4.6-p8 for 2.4.6-p7 and earlier, 2.4.5-p10 for 2.4.5-p9 and earlier, and 2.4.4-p11 for 2.4.4-p10 and earlier. This update has a priority level of 3.  
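The patch levels listed above for Adobe Commerce B2B and Magento Open Source can be checked against an inventory of installed versions. The following is an added example, not code from Adobe or the original article; the product keys, function names and sample inventory are constructed for illustration, and the fixed versions are the ones given in the text.

```python
import re

# Fixed versions per release line, as listed in the article text above.
FIXED = {
    "magento-open-source": ["2.4.7-p3", "2.4.6-p8", "2.4.5-p10", "2.4.4-p11"],
    "commerce-b2b": ["1.4.2-p3", "1.3.5-p8", "1.3.4-p10", "1.3.3-p11"],
}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$")


def parse(version):
    """Split 'X.Y.Z[-pN]' into ((X, Y, Z), N); no suffix means patch level 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, micro, patch = m.groups()
    return (int(major), int(minor), int(micro)), int(patch or 0)


def check(product, installed):
    """Return ('needs-update', fixed), ('patched', fixed) or ('unlisted', None)."""
    line, level = parse(installed)
    for fixed in FIXED[product]:
        fixed_line, fixed_level = parse(fixed)
        if line == fixed_line:
            # Compare the -pN suffix as a number: a plain string comparison
            # would rank "p9" above "p10" and report 2.4.5-p9 as patched.
            status = "patched" if level >= fixed_level else "needs-update"
            return status, fixed
    # Release line not named in the article: consult the Adobe advisory.
    return "unlisted", None


if __name__ == "__main__":
    # Constructed inventory, for illustration only.
    inventory = [
        ("magento-open-source", "2.4.7-p2"),
        ("magento-open-source", "2.4.5-p10"),
        ("magento-open-source", "2.4.6"),
        ("commerce-b2b", "1.3.4-p9"),
        ("commerce-b2b", "1.5.0"),
    ]
    for product, version in inventory:
        status, fixed = check(product, version)
        print(f"{product:20} {version:10} {status:13} {fixed or '-'}")
```

Release lines that the article does not name come back as `unlisted` rather than being guessed at; those need to be checked against the full APSB24-73 advisory.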

Additionally, Adobe has released updates for several other applications. Adobe Dimension (APSB24-74), released on October 8, 2024, affects version 4.0.3 and earlier, with an updated version now available as 4.0.4. This update, which also has a priority level of 3, addresses critical vulnerabilities that could lead to arbitrary code execution (CVE-2024-45146 and CVE-2024-45150).  

Adobe Animate (APSB24-76) received its updates on the same date. The affected versions include 2023 (23.0.7 and earlier) and 2024 (24.0.4 and earlier), with the new updates being 23.0.8 and 24.0.5, respectively. This update is categorized with a priority level of 3 and resolves critical vulnerabilities that could lead to arbitrary code execution and memory leaks. 

Additional Vulnerabilities

This recent Adobe security update outlines several critical vulnerabilities that require attention. One of the highlighted issues is a stack-based buffer overflow, classified under CWE-121, which could lead to arbitrary code execution. This vulnerability has been assigned a critical severity rating with a CVSS score of 7.8, identified as CVE-2024-47410.  

Additionally, there is a “Use After Free” vulnerability categorized as CWE-416, also capable of allowing arbitrary code execution. This vulnerability is critical in severity and includes multiple CVE numbers ranging from CVE-2024-47412 to CVE-2024-47415, all carrying a CVSS score of 7.8. Another critical issue is an integer overflow, designated as CWE-190, which similarly allows arbitrary code execution and holds a CVSS score of 7.8, noted as CVE-2024-47416.

Moreover, a heap-based buffer overflow classified as CWE-122 has been identified, which can also lead to arbitrary code execution. This vulnerability has a critical severity rating and a CVSS score of 7.8, recorded as CVE-2024-47417. On a slightly less severe note, an out-of-bounds read classified as CWE-125 could result in a memory leak. This issue is deemed important, with a CVSS score of 5.5, associated with CVE-2024-47419 and CVE-2024-47420.

Adobe expresses its gratitude to the researchers who reported these vulnerabilities, particularly yjdfy and Francis Provencher. Their contributions have played a crucial role in enhancing the security of Adobe products, ensuring that users can rely on safer software environments. 

Conclusion

With the latest Adobe security update, users are urged to take immediate action by updating their applications to safeguard against potential threats. As vulnerabilities in Adobe software can have serious implications, timely updates are critical for maintaining better security.


