Adobe Critical Security Updates June 2024

Jun 14, 2024 | By Piyush Pratik | 3 min read

In June 2024, Adobe released security updates addressing 13 critical vulnerabilities in products such as Experience Manager, Adobe Commerce, and Photoshop. In total, 168 security flaws were patched using a patch manager. Successful exploitation of these vulnerabilities could lead to arbitrary code execution, security feature bypasses, and memory leaks. The affected platforms are primarily Windows and macOS.

In the Adobe Security Update of June 2024, Adobe Commerce was patched for seven critical and three important vulnerabilities. Adobe FrameMaker Publishing Server received fixes for two critical vulnerabilities. Additionally, Adobe Experience Manager, Adobe Substance 3D Stager, Adobe Photoshop, Creative Cloud Desktop Application, and Adobe Media Encoder each received fixes for one critical vulnerability.

Adobe Security Bulletin Summary for June 2024

Product: Adobe Photoshop
Advisory/CVEs: APSB24-27
Severity: Critical
Affected Version: Photoshop 2023 version 24.73 and earlier; Photoshop 2024 version 25.7 and earlier
Impact: Arbitrary code execution

Product: Adobe Experience Manager
Advisory/CVEs: APSB24-28
Severity: Critical and Important
Affected Version: AEM Cloud Service (CS), version 6.5.20 and earlier
Impact: Arbitrary code execution, Arbitrary file system read, and Security feature bypass

Product: Adobe Audition
Advisory/CVEs: APSB24-32
Severity: Important
Affected Version: Adobe Audition – Versions 24.4.1 and earlier, 23.6.6 and earlier
Impact: Memory leak and Application denial-of-service

Product: Adobe Media Encoder
Advisory/CVEs: APSB24-34
Severity: Important
Affected Version: Adobe Media Encoder – Versions 24.3 and earlier, 23.6.5 and earlier
Impact: Memory leak

Product: Adobe FrameMaker Publishing Server
Advisory/CVEs: APSB24-38
Severity: Critical
Affected Version: Adobe FrameMaker Publishing Server – Version 2022.2 and earlier, Version 2020 update 3 and earlier
Impact: Privilege escalation

Product: Adobe Commerce
Advisory/CVEs: APSB24-40
Severity: Critical and Important
Affected Version:
  Adobe Commerce – Versions 2.4.7 and earlier, 2.4.6-p5 and earlier, 2.4.5-p7 and earlier, 2.4.4-p8 and earlier, 2.4.3-ext-7 and earlier*, 2.4.2-ext-7 and earlier*, 2.4.1-ext-7 and earlier*, 2.4.0-ext-7 and earlier*, and 2.3.7-p4-ext-7 and earlier*
  Magento Open Source – Versions 2.4.7 and earlier, 2.4.6-p5 and earlier, 2.4.5-p7 and earlier, and 2.4.4-p8 and earlier
  Adobe Commerce Webhooks Plugin – Version 1.2.0 to 1.4.0
Impact: Arbitrary code execution, Security feature bypass, and Privilege escalation

Product: Adobe ColdFusion
Advisory/CVEs: APSB24-41
Severity: Important
Affected Version: Adobe ColdFusion – Update 7 and earlier version, Update 13 and earlier version
Impact: Arbitrary file system read and Security feature bypass

Product: Adobe Substance 3D Stager
Advisory/CVEs: APSB24-43
Severity: Critical
Affected Version: Adobe Substance 3D Stager – Version 2.1.4 and earlier
Impact: Arbitrary code execution

Product: Adobe Creative Cloud Desktop Application
Advisory/CVEs: APSB24-44
Severity: Critical
Affected Version: Creative Cloud Desktop Application – Version 6.2.0.554 and earlier
Impact: Arbitrary code execution, Security feature bypass, and Privilege escalation

In conclusion, the Adobe Security Update of June 2024 successfully addressed and resolved all the identified issues.

Patch Critical Risks Before It's Too Late with SanerNow

SecPod SanerNow CVEM is an integrated vulnerability and patch management solution that can detect, assess, prioritize and remediate vulnerabilities and other security risks in your network automatically. SanerNow supports all major OSs and 550+ 3rd party applications to cover all bases.

SanerNow provides complete provisions to test patches before deployment. Further, you can roll them back if necessary and completely automate the process to ease the burden on your IT and security teams.

Experience the next generation of patching with SanerNow.
