Adobe fixes several critical security vulnerabilities on the September 2024 Patch Day. Updates are available for eight of the manufacturer's products.

All products for which Adobe provides updates contain security gaps that the developers classify as a critical risk - possibly deviating from the risk assessment based on CVSS values, which in some cases only attest to a high risk for the gaps. Anyone who uses Adobe Media Encoder, Adobe Audition, Adobe After Effects, Adobe Premiere Pro, Adobe Illustrator, Adobe Acrobat Reader, Adobe Coldfusion or Adobe Photoshop should download and install the available updates quickly.

Code smuggling is possible

The impact of the security vulnerabilities is serious. They allow attackers to use manipulated files to inject and execute malicious code. Other vulnerabilities allow malicious actors to abuse memory leaks or write arbitrary files in the context of the current user account. Adobe Illustrator can also be paralyzed with a denial-of-service attack.

Adobe's security bulletins discuss the vulnerabilities in each product in more detail:

• Security Bulletin for Adobe Media Encoder
• Security Bulletin for Adobe Audition
• Security Bulletin for Adobe After Effects
• Security Bulletin for Adobe Premiere Pro
• Security Bulletin for Adobe Illustrator
• Security Bulletin for Adobe Acrobat and Reader
• Security Bulletin for Adobe Coldfusion
• Security Bulletin for Adobe Photoshop

So far, these vulnerabilities have apparently not been publicly disclosed in advance. Adobe does not list any of the vulnerabilities as having already been attacked.

In August, Adobe had to provide even more products with updates on Patch Day to fix some critical vulnerabilities. These also enabled attackers to compromise affected computers.