Adobe Rolls Out Critical Security Updates Across Multiple Products – October 2024

In October 2024, Adobe issued security updates to fix several vulnerabilities in Adobe Substance 3D Painter, Adobe Commerce, Adobe Dimension, Adobe Animate, Adobe Lightroom, Adobe InCopy, Adobe InDesign, Adobe Substance 3D Stager, and Adobe FrameMaker. Cyber attackers could exploit these flaws to gain control of an affected system.

Adobe’s recent security updates address several critical vulnerabilities that pose serious risks, including arbitrary code execution and memory leaks. Here’s a breakdown of the critical updates:

1. Adobe Substance 3D PainterAdvisory: APSB24-52CVE:CVE-2024-20787Severity: ImportantAffected Version: Versions 10.0.1 and earlier versionsImpact: Memory leakSolution: Adobe Substance 3D Painter version 10.1.0
2. Adobe CommerceAdvisory: APSB24-73CVE:CVE-2024-45115Severity: CriticalAffected Version:i. Adobe Commerce: 2.4.7-p2 and earlier, 2.4.6-p7 and earlier, 2.4.5-p9 and earlier, 2.4.4-p10 and earlierii. Adobe Commerce B2B: 1.4.2-p2 and earlier, 1.3.5-p7 and earlier, 1.3.4-p9 and earlier, 1.3.3-p10 and earlieriii. Magento Open Source: 2.4.7-p2 and earlier, 2.4.6-p7 and earlier, 2.4.5-p9 and earlier, 2.4.4-p10 and earlierImpact: Privilege escalation, Security feature bypass, Arbitrary code execution and Arbitrary file system readSolution:i. Adobe Commerce: 2.4.7-p3 for 2.4.7-p2 and earlier, 2.4.6-p8 for 2.4.6-p7 and earlier, 2.4.5-p10 for 2.4.5-p9 and earlier, 2.4.4-p11 for 2.4.4-p10 and earlierii. Adobe Commerce B2B: 1.4.2-p3 for 1.4.2-p2 and earlier, 1.3.5-p8 for 1.3.5-p7 and earlier, 1.3.4-p10 for 1.3.4-p9 and earlier, 1.3.3-p11 for 1.3.3-p10 and earlieriii. Adobe Commerce B2B: Isolated patch for CVE-2024-45115 Compatible with all Adobe Commerce B2B versions between 1.3.3 – 1.4.2iv. Magento Open Source: 2.4.7-p3 for 2.4.7-p2 and earlier, 2.4.6-p8 for 2.4.6-p7 and earlier, 2.4.5-p10 for 2.4.5-p9 and earlier, 2.4.4-p11 for 2.4.4-p10 and earlier
3. Adobe DimensionAdvisory: APSB24-74CVEs:CVE-2024-45146 and CVE-2024-45150Severity: CriticalAffected Version: Version 4.0.3 and earlier versions on Windows and macOSImpact: Arbitrary code executionSolution: Adobe Dimension 4.0.4 on Windows and macOS
4. Adobe AnimateAdvisory: ASPB24-76CVEs: CVE-2024-47410, CVE-2024-47411, CVE-2024-47412, CVE-2024-47413, CVE-2024-47414, CVE-2024-47415, CVE-2024-47416, CVE-2024-47417, CVE-2024-47418, CVE-2024-47419, CVE-2024-47420Severity: CriticalAffected Version:i. Adobe Animate 2023, version 23.0.7 and earlier versions on Windows and macOSii. Adobe Animate 2024, version 24.0.4 and earlier versions on Windows and macOS   Impact: Arbitrary code execution and Memory leakSolution:i. Adobe Animate 2023, version 23.0.8 on Windows and macOSii. Adobe Animate 2024, version 24.0.5 on Windows and macOS 
5. Adobe LightroomAdvisory: ASPB24-78CVE:CVE-2024-45145Severity: ImportantAffected Version:i. Lightroom: Version 7.4.1 and earlier versionsii. Lightroom Classic: Version 13.5 and earlier versionsiii. Lightroom Classic (LTS): Version 12.5.1 and earlier versionsImpact: Memory leakSolution:i. Lightroom: Version 7.5ii. Lightroom Classic: Version 13.5.1iii. Lightroom Classic (LTS): 12.5.2 (LTS)
6. Adobe InCopyAdvisory: APSB24-79CVE: CVE-2024-45136Severity: CriticalAffected Version: Adobe InCopy Version 19.4 and earlier versions and Adobe InCopy version 18.5.3 and earlier versions on Windows and macOSImpact: Arbitrary code execution Solution: Adobe InCopy 19.5 and Adobe InCopy 18.5.4 on Windows and macOS
7. Adobe InDesignAdvisory: APSB24-80CVE: CVE-2024-45137Severity: CriticalAffected Version: Adobe InDesign version ID19.4 and earlier version and Adobe InDesign version ID18.5.3 and earlier versions on Windows and macOSImpact: Arbitrary code executionSolution: Adobe InDesign version ID19.5 and Adobe InDesign version ID18.5.4 on Windows and macOS
8. Adobe Substance 3D StagerAdvisory: APSB24-81CVEs: CVE-2024-45138, CVE-2024-45139, CVE-2024-45140, CVE-2024-45141, CVE-2024-45142, CVE-2024-45143, CVE-2024-45144, CVE-2024-45152Severity: CriticalAffected Version: Adobe Substance 3D Stager version 3.0.3 and earlier versions on Windows and macOS Impact: Arbitrary code executionSolution: Adobe Substance 3D Stager version 3.0.4 on Windows and macOS
9. Adobe FrameMakerAdvisory: APSB24-82CVEs:CVE-2024-47421, CVE-2024-47422, CVE-2024-47423, CVE-2024-47424, CVE-2024-47425Severity: CriticalAffected Version:i. Adobe FrameMaker 2020 Release Update 6 and earlier on Windowsii. Adobe FrameMaker 2022 Release Update 4 and earlier on WindowsImpact: Arbitrary code executionSolution:i. Adobe FrameMaker 2020 Update 7ii. Adobe FrameMaker 2022 Update 5

The Adobe Critical Security Updates released in October 2024 address multiple high-risk vulnerabilities across several Adobe products. Updating to the latest versions is essential to safeguard your system from potential exploitation. Ensure your software is current to take advantage of these crucial patches and enhance your security posture.

SecPod SanerNow CVEM is an all-in-one vulnerability and patch management solution that automatically detects, assesses, prioritizes, and remediates vulnerabilities across your network. Supporting all major operating systems and over 550 third-party applications, SanerNow ensures comprehensive protection.

With SanerNow, you can test patches before deployment, rollback if necessary, and fully automate the patching process, reducing the workload for your IT and security teams while keeping your systems secure.