Adobe fixed several, some critical, security vulnerabilities in several programs on Patch Tuesday in March.

Adobe: Serious security vulnerabilities

There are four security vulnerabilities in Adobe Bridge. which allows attackers to execute arbitrary code or read memory areas. In the according security notice, Adobe writes that three vulnerabilities allow the execution of malicious code that is considered high risk according to the CVSS rating. Adobe Bridge 14.0.2 and 13.0.6 close the gaps. In Adobe Lightroom for macOS, attackers can also inject and execute arbitrary code, which the company classifies as a critical risk - a CVE entry or a CVSS rating is currently missing. Version 7.2 corrects this error and can be downloaded from the Apple App Store.

A vulnerability in Adobe Cold Fusion allows malicious actors to read arbitrary files from the file system (CVE-2024-20767, CVSS 8.2, risk high). The company's developers consider this to be a critical level of threat. Cold Fusion 2023 Update 7 and 2021 Update 13 close the gap.

In Adobe Premiere Pro for macOS and Windows, attackers can also provoke a heap-based buffer overflow or memory accesses outside of intended memory limits and inject malicious code (CVE-2024-20745, CVE-2024-20746, CVSS 7.8, risk high). Adobe considers the risk to be critical and is closing the gaps with updates to Premiere Pro 24.2.1 and 23.6.4.

Adobe Animate 2024 24.0.1 and 2023 23.0.4 for macOS and Windows correct four security-related bugs, one of which allows the execution of inserted code due to potential write accesses outside the intended memory limits (CVE-2024-20761, CVSS 7.8, risk high).

In Adobe Experience Manager (AEM), however, there are numerous vulnerabilities, the threat level of which reaches medium risk and in some cases low risk. AEM Cloud Service Release 2024.03 and AEM 6.5.20.0 plug the security leaks.

Overview of Adobe's security messages

Further information about the vulnerabilities and threatened versions can be found in the according alerts:

Security update available for Adobe Experience Manager Security update available for Adobe Premiere Pro Security update available for Adobe Coldfusion Security update available for Adobe Bridge Security update available for Adobe Lightroom Security update available for Adobe Animate