Adobe developers have fixed security vulnerabilities in Bridge, Commerce, Magento Open Source and Photoshop. Anyone who uses Adobe applications should keep them up to date for security reasons. If this does not happen, attackers can, in the worst case scenario, compromise systems with malicious code. Information about ongoing attacks is not yet known.
Ten vulnerabilities in Commerce and Magento Open Source are considered the most dangerous. Attackers can carry out multiple attacks here and acquire higher user rights, bypass security features and execute malicious code. The majority of the vulnerabilities are classified as having a high threat level. Adobe lists the versions protected against this in the according warning message.
Photoshop is vulnerable to malicious code attacks on macOS and Windows (CVE-2023-26370, high). The updated editions of Photoshop 2023 24.7.1 and Photoshop 2024 25.0 solve the issues. Bridge can also be attacked under macOS and Windows. At this point, memory leaks can occur (CVE-2023-38216, medium; CVE-2023-38217, medium). The developers claim to have fixed editions 13.0.4 and 14.0.0.
Adobe recommends users update their software installations to the latest versions.