Download UpdateStar News | Adobe October 2024 Patch Day

Various Adobe applications are vulnerable. Newly available security updates close more vulnerabilities. Attackers can target Adobe After Effects, Audition, Bridge, Commerce, Illustrator, InDesign, Photoshop, or Substance 3D Painter.

In the worst case, malicious code can enter the systems. Administrators can find more information about the vulnerabilities and secure versions in the warnings linked below this message.

After Effects is vulnerable under macOS and Windows. The developers state here that they have closed six security vulnerabilities in versions 24.6.3 and 25.0. These include several vulnerabilities that attackers can use to push and execute malicious code on PCs (such as CVE-2024-47441 high). To do this, attackers must trigger out-of-bounds errors in an unspecified way.

Substance 3D Painter is also vulnerable to several malicious code vulnerabilities. Version 10.1.1 provides a fix for this for all platforms. Illustrator versions 28.7.2 and 29.0.0 under macOS and Windows are equipped to protect against malicious code attacks.

Malicious code can also enter and compromise systems through holes in InDesign. The developers have closed the vulnerabilities in versions ID18.5.3, ID18.5.4 and ID20.0. Photoshop 2023 24.7.4 and Photoshop 25.12 are also protected against malicious code execution (CVE-2024-49514 high).

Adobe does not explain how attacks might work in individual cases. There are also no reports of attacks already underway. Nevertheless, administrators should update the applications as soon as possible.