Adobe has released security updates for After Effects, InDesign and Photoshop, among others.

Attackers could attack computers running Adobe applications. The vulnerabilities that have now been closed affect After Effects, Animate, Bridge, Connect, FrameMaker, InDesign, Photoshop, Premiere Rush and Substance 3D Stager. macOS and Windows are affected.

Adobe does not provide any information on possible attack paths. It remains unknown how attackers could proceed to attack computers. It is clear that in many cases they could trigger memory errors. This usually leads to malicious code getting onto systems. This can happen, for example, via several security vulnerabilities in After Effects CVE-2023-22237, CVE-2023-22238, CVE-2023-22239 that the software manufacturer has classified as critical.

Update your Adobe software

Malicious code attacks are also possible on Animate, Bridge, FrameMaker, Photoshop, Premiere Rush and Substance 3D Stager. Users should ensure they have the following versions of macOS and Windows protected against the attacks installed:

• After Effects 22.6.4 or 23.2
• Animate 2022 22.0.9
• Animate 2023 23.0.1
• Bridge 12.0.4 or 13.0.2
• Connect 11.4.6 or 12.2
• FrameMaker 2020 Update 5
• FrameMaker 2022 Update 1
• InDesign ID17.4.1 or ID18.2
• Photoshop 2022 23.5.4
• Photoshop 2023 24.1.1
• Premiere Rush 2.7
• Substance 3D Stager 2.0.0