Adobe has released crucial security updates for its widely-used software products: Premiere Pro, InDesign, and Bridge.
The updates, identified as APSB24-46, APSB24-48, and APSB24-51, respectively, were initially posted and last updated on July 9, 2024.
These updates aim to address several vulnerabilities that could potentially be exploited by malicious actors, posing significant risks to users’ data and system integrity.
Join our free webinar to learn about combating slow DDoS attacks, a major threat today.
Latest Product Security Updates
Critical Vulnerability in Adobe Premiere Pro
Adobe has released updates for Adobe Premiere Pro for Windows and macOS to address a critical vulnerability. Successful exploitation of this vulnerability could lead to arbitrary code execution.
Affected Versions
| Product | Version | Platform |
|---|---|---|
| Adobe Premiere Pro | 24.4.1 and earlier | Windows, macOS |
| Adobe Premiere Pro | 23.6.5 and earlier | Windows, macOS |
Vulnerability Details
| Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVE Numbers |
|---|---|---|---|---|
| Untrusted Search Path (CWE-426) |
Arbitrary code execution | Critical | 7.0 | CVE-2024-34123 |
Critical Vulnerabilities in Adobe InDesign
Adobe has released a crucial security update for InDesign, addressing several critical vulnerabilities that, if successfully exploited, could potentially lead to arbitrary code execution.
Affected Versions
| Product | Affected version | Platform |
| Adobe InDesign | ID19.3 and earlier version. | Windows and macOS |
| Adobe InDesign | ID18.5.2 and earlier version | Windows and macOS |
Vulnerability Details
| Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVE Number |
|---|---|---|---|---|
| Heap-based Buffer Overflow (CWE-122) | Arbitrary code execution | Critical | 7.8 | CVE-2024-20781 |
| Out-of-bounds Write (CWE-787) | Arbitrary code execution | Critical | 7.8 | CVE-2024-20782 |
| Heap-based Buffer Overflow (CWE-122) | Arbitrary code execution | Critical | 7.8 | CVE-2024-20783 |
| Heap-based Buffer Overflow (CWE-122) | Arbitrary code execution | Critical | 7.8 | CVE-2024-20785 |
Critical Vulnerabilities in Adobe Bridge
Adobe has released a security update for Adobe Bridge, addressing critical vulnerabilities that could lead to arbitrary code execution and memory leaks.
Affected Versions
| Product | Version | Platform |
|---|---|---|
| Adobe Bridge | 13.0.7 and earlier versions | Windows and macOS |
| Adobe Bridge | 14.1 and earlier versions | Windows and macOS |
Vulnerability Details
| Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVE Numbers |
|---|---|---|---|---|
| Integer Overflow or Wraparound (CWE-190) | Arbitrary code execution | Critical | 7.8 | CVE-2024-34139 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | 5.5 | CVE-2024-34140 |
PSIRT’s Role in Security
The Product Security Incident Response Team (PSIRT) at Adobe has played a crucial role in implementing the company’s vulnerability disclosure program.
PSIRT provides a centralized point of contact for customers, partners, pen-testers, and security researchers to report security vulnerabilities in Adobe products and services.
By encouraging the external security community to disclose security issues privately, PSIRT minimizes risks to customers, Adobe’s infrastructure, and the brand.
This collaborative approach underscores Adobe’s commitment to maintaining the highest security standards for its users.
Adobe Premiere Pro, InDesign, and Bridge users are strongly advised to install these updates immediately to safeguard their systems.
The security patches address vulnerabilities that, if left unpatched, could be exploited to execute arbitrary code, leading to potential data breaches or system compromises.
Adobe’s latest product security updates provide detailed information and guidance on the reported security issues, ensuring users can take the necessary steps to protect their software and data.
Users can visit the official Adobe security page for more information on the latest security updates and to notify Adobe of any security issues.
Staying informed and proactive about software updates is crucial in today’s digital landscape, where security threats constantly evolve.
"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo