Software maker Adobe on Tuesday released critical-severity patches for security defects in multiple enterprise-facing products and warned that both Windows and macOS are exposed to code execution attacks.
As part of its scheduled batch of Patch Tuesday releases, the company documented at least seven vulnerabilities affecting Adobe Premiere Pro, Adobe InDesign and Adobe Bridge and urged users to immediately install available patches.
“Successful exploitation could lead to arbitrary code execution,” the company warned multiple times.
The raw details:
- Adobe Premiere Pro (CVE-2024-34123) — Affected Versions: 24.4.1 and earlier, 23.6.5 and earlier (Windows and macOS). Untrusted search path; CVSS 7.0/10.
- Adobe InDesign (CVE-2024-20781, CVE-2024-20782, CVE-2024-20783, CVE-2024-20785) — Affected Versions: ID19.3 and earlier, ID18.5.2 and earlier (Windows and macOS). Memory safety issues (CVSS 7.8/10).
- Adobe Bridge (CVE-2024-34139, CVE-2024-34140). Affected Versions:** 13.0.7 and earlier, 14.1 and earlier (Windows and macOS). Integer overflow, out-of-band read (CVSS 7.8).
Adobe said it was not aware of any exploits in the wild for any of the issues addressed this month.
Related: BlastRADIUS Attack Exposes Critical Flaw in 30-Year-Old RADIUS Protocol
Related: SAP Patches High-Severity Vulnerabilities in PDCE, Commerce
Related: Adobe Ships Hefty Batch of Security Patches
Related: Adobe Adds Content Credentials and Firefly to Bug Bounty Program