Categories
Full Text Articles - Audio Posts

Adobe Patch Tuesday security updates fixed multiple critical issues in the company’s products

Spread the news

Adobe addressed tens of vulnerabilities, including critical issues that could allow attackers to execute arbitrary code on Windows and macOS.

Adobe Patch Tuesday security updates addressed multiple vulnerabilities in its products, including critical flaws that could allow attackers to execute arbitrary code on Windows and macOS systems.

The most severe vulnerabilities are two critical memory corruption flaws in Acrobat and PDF Reader, tracked as CVE-2024-41869 (CVSS score of 7.8) and CVE-2024-45112 (CVSS score of 8.6).

The vulnerability CVE-2024-41869 is a Use After Free issue while the flaw CVE-2024-45112 is a Type Confusion’ bug. An attacker can exploit these vulnerabilities for arbitrary code execution.

Vulnerability Category Vulnerability Impact Severity CVSS base score CVSS vector CVE Number
Use After Free (CWE-416) Arbitrary code execution Critical 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-41869
 
Access of Resource Using Incompatible Type (‘Type Confusion’) (CWE-843) Arbitrary code execution Critical 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2024-45112

CVE-2024-45112 was reported by an anonymous researcher and the researcher Haifei Li of EXPMON and Check Point Research reported the flaw CVE-2024-41869.

The company also fixed the following critical flaws in Photoshop

Vulnerability Category Vulnerability Impact Severity CVSS base score  CVSS vector CVE Number
Heap-based Buffer Overflow (CWE-122) Arbitrary code execution Critical 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-43756
Out-of-bounds Write (CWE-787) Arbitrary code execution Critical 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-43760
Out-of-bounds Write (CWE-787) Arbitrary code execution Critical 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-45108
Out-of-bounds Write (CWE-787) Arbitrary code execution Critical 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-45109
Out-of-bounds Read (CWE-125) Memory leak Important 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2024-45110

and in the Illustrator software

Vulnerability Category Vulnerability Impact Severity CVSS base score  CVSS vector CVE Numbers
Integer Underflow (Wrap or Wraparound) (CWE-191) Arbitrary code execution Critical 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-41857
Integer Overflow or Wraparound (CWE-190) Arbitrary code execution Critical 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-34121
Improper Input Validation (CWE-20) Arbitrary code execution Critical 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-41856
Out-of-bounds Write (CWE-787) Arbitrary code execution Critical 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-45114
Use After Free (CWE-416) Arbitrary code execution Critical 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-43758
Out-of-bounds Read (CWE-125) Memory leak Important 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2024-45111
NULL Pointer Dereference (CWE-476) Application denial-of-service Moderate 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2024-43759

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Adobe)


Spread the news
Categories
Newscasts

2AM ET 09/12/2024 Newscast

Spread the news

2AM ET 09/12/2024 Newscast
Learn more about your ad choices. Visit megaphone.fm/adchoices

Spread the news
Categories
Newscasts

VOA Newscasts

Spread the news

Give us 5 minutes, and we’ll give you the world. Around the clock, Voice of America keeps you in touch with the latest news. We bring you reports from our correspondents and interviews with newsmakers from across the world.

Spread the news
Categories
Newscasts

Dodgers hit 4 homers in 1st, then rally to beat Cubs 10-8. Ohtani homers and steals a base

Spread the news

The Dodgers homer five times in defeating the Cubs in a wild game. AP correspondent Dave Ferry reports

Spread the news
Categories
Newscasts

The latest in sports

Spread the news

The marriage of television and the NFL outdoes itself in the 2024 season’s opening week, the Mets and Yankees come through with late-game dramatics, and the WNBA has a new single-season scoring record. Correspondent Bruce Morton reports.

Spread the news
Categories
Newscasts

Bryan Woo carries a perfect game into the 7th inning as the Mariners top the Padres 5-2

Spread the news

The Mariners get six perfect innings from one of their top starters. AP correspondent Dave Ferry reports.

Spread the news
Categories
Newscasts

Yastrzemski knocks in four runs, Snell strikes out eight as Giants rout Brewers 13-2

Spread the news

The Giants attack early in a rout of the Brewers. AP correspondent Dave Ferry reports.

Spread the news
Categories
Newscasts

1AM ET 09/12/2024 Newscast

Spread the news

1AM ET 09/12/2024 Newscast
Learn more about your ad choices. Visit megaphone.fm/adchoices

Spread the news
Categories
Newscasts

Yankees edge Royals 4-3 in 11 innings on infield single by Jazz Chisholm Jr.

Spread the news

The Yankees stretch their lead in the AL East to 1 1/2 games over the Orioles. Correspondent Owen Russell reports.

Spread the news
Categories
Newscasts

12AM ET 09/12/2024 Newscast

Spread the news

12AM ET 09/12/2024 Newscast
Learn more about your ad choices. Visit megaphone.fm/adchoices

Spread the news