Adobe has taken swift action to safeguard users by releasing critical patches for multiple products in response to severe vulnerabilities that could lead to arbitrary code execution on Windows and macOS platforms. The affected applications include Adobe Premiere Pro, Adobe InDesign, and Adobe Bridge, each facing distinct security challenges outlined in the latest Patch Tuesday release.
Specifically, Adobe Premiere Pro versions 24.4.1 and earlier, as well as 23.6.5 and earlier, are vulnerable to an untrusted search path issue (CVE-2024-34123), posing a significant risk with a CVSS score of 7.0/10. Meanwhile, Adobe InDesign versions ID19.3 and earlier, and ID18.5.2 and earlier, suffer from multiple memory safety flaws (CVE-2024-20781, CVE-2024-20782, CVE-2024-20783, CVE-2024-20785) rated at 7.8/10 on the CVSS scale. Similarly, Adobe Bridge versions 13.0.7 and earlier, and 14.1 and earlier, are susceptible to integer overflow and out-of-band read vulnerabilities (CVE-2024-34139, CVE-2024-34140), also rated at 7.8/10.
In light of these findings, Adobe strongly advises all users to promptly update their software to the latest patched versions to mitigate the risk of exploitation. While the company has not identified any instances of these vulnerabilities being actively exploited in the wild, the potential for malicious actors to capitalize on these security gaps underscores the critical importance of timely updates and vigilant cybersecurity practices.
Adobe’s proactive approach in releasing these patches underscores its commitment to addressing potential security threats swiftly and effectively. Users are urged to prioritize installing these updates to ensure the integrity and security of their systems, particularly in enterprise environments where these applications are widely used for critical workflows.
Reference:
