Adobe released patches for multiple products-Nov’24

Originally posted: November 12, 2024

Adobe release various patches for the multiple products

Severity: Critical /High

• APSB24-77 : Security update available for Adobe Bridge
• APSB24-83 : Security update available for Adobe Audition
• APSB24-85 : Security update available for Adobe After Effects
• APSB24-86 : Security update available for Adobe Substance 3D Painter
• APSB24-87 : Security update available for Adobe Illustrator
• APSB24-88 : Security update available for Adobe InDesign
• APSB24-89 : Security update available for Adobe Photoshop
• APSB24-90 : Security update available for Adobe Commerce

APSB24-77 : Security update available for Adobe Bridge

Summary:  Adobe has released a security update for Adobe Bridge. This update addresses important vulnerabilities that could lead to memory leak and application denial-of-service. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.

APSB24-83 : Security update available for Adobe Audition

Summary:  Adobe has released an update for Adobe Audition for Windows and macOS. This update resolves an important vulnerability that could lead to memory leak. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.

APSB24-85 : Security update available for Adobe After Effects

Summary:  Adobe has released an update for Adobe After Effects for Windows and macOS.  This update addresses  critical and important security vulnerabilities.  Successful exploitation could lead to arbitrary code execution and memory leak in the context of the current user. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.

APSB24-86 : Security update available for Adobe Substance 3D Painter

Summary:  Adobe has released an update for Adobe Substance 3D Painter.  This update addresses critical and important vulnerabilities in Adobe Substance 3D Painter. Successful exploitation could lead to memory leak, arbitrary code execution and application denial-of-service. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.

APSB24-87 : Security update available for Adobe Illustrator

Summary:  Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution, application denial-of-service and memory leak. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.

APSB24-88 : Security update available for Adobe InDesign

Summary:  Adobe has released a security update for Adobe InDesign.  This update addresses critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates

APSB24-89 : Security update available for Adobe Photoshop

Summary:  Adobe has released an update for Photoshop for Windows and macOS. This update resolves a critical vulnerability.  Successful exploitation could lead to arbitrary code execution. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.

APSB24-90 : Security update available for Adobe Commerce

Summary:  Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves a critical vulnerability.  Successful exploitation could lead to arbitrary code execution. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.

Reference Link

ADOBE

• https://helpx.adobe.com/security/products/bridge/apsb24-77.html?x-product=Helpx%2F1.0.0&x-product-location=Search%3AForums%3Alink%2F3.6.2
• https://helpx.adobe.com/security/products/audition/apsb24-83.html?x-product=Helpx%2F1.0.0&x-product-location=Search%3AForums%3Alink%2F3.6.2
• https://helpx.adobe.com/security/products/after_effects/apsb24-85.html?x-product=Helpx%2F1.0.0&x-product-location=Search%3AForums%3Alink%2F3.6.2
• https://helpx.adobe.com/security/products/incopy/apsb24-79.html?x-product=Helpx%2F1.0.0&x-product-location=Search%3AForums%3Alink%2F3.6.2
• https://helpx.adobe.com/security/products/illustrator/apsb24-87.html?x-product=Helpx%2F1.0.0&x-product-location=Search%3AForums%3Alink%2F3.6.2
• https://helpx.adobe.com/security/products/indesign/apsb24-88.html?x-product=Helpx%2F1.0.0&x-product-location=Search%3AForums%3Alink%2F3.6.2
• https://helpx.adobe.com/security/products/photoshop/apsb24-89.html?x-product=Helpx%2F1.0.0&x-product-location=Search%3AForums%3Alink%2F3.6.2
• https://helpx.adobe.com/security/products/magento/apsb24-90.html

CVE Name:

APSB24-77 : CVE-2024-45147, CVE-2024-47458
APSB24-83 : CVE-2024-47449, CVE-2024-49536
APSB24-85 : CVE-2024-47441,CVE-2024-47442, CVE-2024-47443, CVE-2024-47444, CVE-2024-47445, CVE-2024-47446
APSB24-86 : CVE-2024-45136
APSB24-87 : CVE-2024-45114, CVE-2024-47450, CVE-2024-47455, CVE-2024-47456, CVE-2024-47457,CVE-2024-47453, CVE-2024-47454,CVE-2024-47451, CVE-2024-47452
APSB24-88 : CVE-2024-49507, CVE-2024-49508, CVE-2024-49509,CVE-2024-49510, CVE-2024-49511, CVE-2024-49512
APSB24-89 : CVE-2024-49514
APSB24-90 : CVE-2024-49521

NOTE: The information is provide is on “as is “ basis, without assurance of any kind .

Revision history

1. 12^th-Nov-24 –  first advisory released. — fix patch released

About The Author

Gaurav Srivastava

15+ years of commended experience in performance in vulnerability assessment and Penetration testing, perform DAST, SAST and SCA scan Application security of web application, OWASP Testing Framework/Application security controls. Testing of webservices, source code analysis, vulnerability patch management .ISO 27001:2005 security audits of function and projects.

See author's posts