Adobe releases a patch update addressing over 160 vulnerabilities across 16 products

440/67 Thursday, December 12, 2024

Adobe, a leading software developer, has released its December 2024 Patch Tuesday security update, addressing over 160 vulnerabilities across 16 popular products such as Reader, Illustrator, Photoshop, and Connect. Key details of the fixes include:

  1. Adobe Experience Manager: More than 90 vulnerabilities have been resolved, most rated as moderate based on CVSS scores. These vulnerabilities could allow arbitrary code execution or bypass security features. The most critical issue addressed is CVE-2024-43711.
  2. Adobe Connect: A total of 22 vulnerabilities, ranging from critical to important, have been fixed. These could potentially allow attackers to execute arbitrary code or escalate privileges.
  3. Adobe Animate: Over 10 high-severity vulnerabilities have been patched, which could enable unauthorized code execution.
  4. Acrobat and Reader: Six vulnerabilities have been addressed, preventing issues such as unauthorized code execution, denial of service (DoS) attacks, or memory leaks.
  5. Illustrator and Photoshop: Fixes include vulnerabilities that could allow code execution, enhancing the security of these products.
  6. Substance 3D Modeler and Sampler: Vulnerabilities leading to arbitrary code execution or DoS attacks have been resolved.
  7. Other Products: Updates for Premiere Pro, Bridge, FrameMaker, and After Effects include fixes for vulnerabilities that could be exploited for code execution.

While Adobe confirmed that no active exploits of these vulnerabilities have been detected, the company strongly recommends that users install the available patches as soon as possible to mitigate potential future risks.

Source https://www.securityweek.com/adobe-patches-over-160-vulnerabilities-across-16-products/