Various Adobe applications are vulnerable. Newly available security updates close several vulnerabilities. Attackers can target Adobe After Effects, Audition, Bridge, Commerce, Illustrator, InDesign, Photoshop or Substance 3D Painter.

In the worst case, malicious code can get onto systems. Admins can find further information on the security vulnerabilities and secured versions in the warnings linked below this message.

Dangerous security vulnerabilities

After Effects is vulnerable under macOS and Windows. The developers state here they have closed six security vulnerabilities in versions 24.6.3 and 25.0. These include several vulnerabilities that attackers can use to push and execute malicious code on PCs (such as CVE-2024-47441 high). To do this, attackers must trigger memory errors (out-of-bounds) in an unspecified way.

Substance 3D Painter is also vulnerable to several malicious code vulnerabilities. Version 10.1.1 provides a remedy for this for all platforms. Illustrator versions 28.7.2 and 29.0.0 under macOS and Windows are equipped to protect against malicious code attacks.

Malicious code can also get onto systems and compromise them through gaps in InDesign. The developers have closed the vulnerabilities in versions ID18.5.3, ID18.5.4 and ID20.0. Photoshop 2023 24.7.4 and Photoshop 25.12 are also protected against the execution of malicious code (CVE-2024-49514 high).

Adobe is not explaining how attacks might work in individual cases. There are also no reports of attacks that are already underway. Nevertheless, admins should update the applications as soon as possible.