The US company Adobe is once again addressing a large number of security vulnerabilities on December Patchday 2024, after fixing several high-risk vulnerabilities last month. Specifically, security patches are available for Acrobat, Acrobat Reader, Animate, Connect, Experience Manager, InDesign, Illustrator, Media Encoder, Substance 3D Modeler, Substance 3D Painter, and Substance 3D Sampler. In total, there are approximately 160 vulnerabilities, with the majority of patches affecting Experience Manager.
"Adobe Experience Manager connects digital asset management, a powerful content management system, and digital enrollment to help your brand flourish," reads the vendor's website about the program that received the largest number of security patches in the December patchday. The CVE-2024-43711 vulnerability allows attackers to execute malicious code due to insufficient input validation. This vulnerability is rated as high risk, while the other vulnerabilities in Experience Manager are rated as medium risk.
Acrobat Reader also affected by security vulnerabilities
The widely used PDF program Adobe Acrobat Reader is also affected by several vulnerabilities, including CVE-2024-49530, which is rated high risk (via Heise Security). Both the Windows and macOS versions of Acrobat Reader, as well as the regular Adobe Acrobat program, are affected by this vulnerability, which allows attackers to execute malicious code on devices with Acrobat (Reader) installed.
Many of the other vulnerabilities are rated as critical by Adobe because they could also allow malicious code to be executed. For details on the affected software versions of the Adobe products listed above, please visit the vendor's security update website (click here to purchase McAfee+ Premium Individual Unlimited from Amazon US).
Are you a techie who knows how to write? Then join our Team! Wanted:
- News Writer (Romania based)
Details here
Source(s)
Adobe via Heise Security