Adobe April 2024 Patch Day

Critical Vulnerability Warnings for Experience Manager and More

Adobe has addressed critical security vulnerabilities across several of its applications. It is essential to install the updates immediately.

Multiple vulnerabilities have been identified in Adobe After Effects, Animate, Bridge, Commerce, Experience Manager, Illustrator, InDesign, Media Encoder, and Photoshop that could potentially allow attackers to inject malicious code into systems. In some instances, this could lead to attackers gaining complete control of PC systems.

Potential Attacks Looming

Adobe has rated most of the resolved vulnerabilities as critical. These vulnerabilities, particularly in Animate (CVE-2024-20797 high, CVE-2024-20795 high), could lead to memory errors on both macOS and Windows platforms, allowing attackers to execute their own code and potentially install Trojans.

The e-commerce platforms Adobe Commerce and Magento Open Source are also at risk. A critical vulnerability (CVE-2024-20758) could allow malicious code to infiltrate and compromise these shop systems.

Experience Manager is vulnerable to various persistent XSS attacks across all platforms, which could also lead to malicious code being deployed onto computers. Additionally, there are concerns that InDesign could expose sensitive information on both macOS and Windows platforms (CVE-2024-20766 medium) following successful attacks, although the exact methods of potential attacks remain unclear.

Immediate Patching Required

Administrators are advised to consult the security advisories linked below for details on other vulnerabilities and the versions that have been secured. While there are no reports of these vulnerabilities being exploited in the wild currently, it is crucial to update the affected applications promptly to mitigate any risks.

about author