In June 2024, Adobe released security updates addressing 13 critical vulnerabilities in software such as Experience Manager, Adobe Commerce, and Photoshop. In total, 168 security flaws were patched using a patch manager. On successful exploitation, these vulnerabilities could lead to issues such as arbitrary code execution, security feature bypasses, and memory leaks. The affected platforms are primarily Windows and macOS.
In the Adobe Security Update of June 2024, Adobe Commerce was patched for seven critical and three important vulnerabilities. Adobe FrameMaker Publishing Server received fixes for two critical vulnerabilities. Additionally, Adobe Experience Manager, Adobe Substance 3D Stager, Adobe Photoshop, Creative Cloud Desktop Application, and Adobe Media Encoder each received fixes for one critical vulnerability.
Adobe Security Bulletin Summary for June 2024
Product: Adobe Photoshop
Advisory/CVEs: APSB24-27
Severity: Critical
Affected Version: Photoshop 2023 version 24.73 and earlier
Photoshop 2024 version 25.7 and earlier
Impact: Arbitrary code execution
Product: Adobe Experience Manager
Advisory/CVEs: APSB24-28
Severity: Critical and Important
Affected Version: AEM Cloud Service (CS), version 6.5.20 and earlier
Impact: Arbitrary code execution, Arbitrary file system read, and Security feature bypass.
Product: Adobe Audition
Advisory/CVEs: APSB24-32
Severity: Important
Affected Version: Adobe Audition – versions 24.4.1 and earlier, 23.6.6 and earlier
Impact: Memory leak and Application denial-of-service
Product: Adobe Media Encoder
Advisory/CVEs: APSB24-34
Severity: Important
Affected Version: Adobe Media Encoder – Versions 24.3 and earlier, 23.6.5 and earlier
Impact: Memory leak
Product: Adobe FrameMaker Publishing Server
Advisory/CVEs: APSB24-38
Severity: Critical
Affected Version: Adobe FrameMaker Publishing Server – Version 2022.2 and earlier,
Version 2020 update 3 and earlier
Impact: Privilege escalation
Product: Adobe Commerce
Advisory/CVEs: APSB24-40
Severity: Critical and Important
Affected Version: Adobe Commerce – Versions 2.4.7 and earlier, 2.4.6-p5 and earlier, 2.4.5-p7 and earlier, 2.4.4-p8 and earlier, 2.4.3-ext-7 and earlier*, 2.4.2-ext-7 and earlier*, 2.4.1-ext-7 and earlier*, 2.4.0-ext-7 and earlier*, and 2.3.7-p4-ext-7 and earlier*
Magento Open Source – Versions 2.4.7 and earlier, 2.4.6-p5 and earlier, 2.4.5-p7 and earlier, and 2.4.4-p8 and earlier
Adobe Commerce Webhooks Plugin – Version 1.2.0 to 1.4.0
Impact: Arbitrary code execution, Security feature bypass, and Privilege escalation
Product: Adobe ColdFusion
Advisory/CVEs: APSB24-41
Severity: Important
Affected Version: Adobe ColdFusion – Update 7 and earlier versions, Update 13 and earlier versions
Impact: Arbitrary file system read and Security feature bypass
Product: Adobe Substance 3D Stager
Advisory/CVEs: APSB24-43
Severity: Critical
Affected Version: Adobe Substance 3D Stager – Version 2.1.4 and earlier
Impact: Arbitrary code execution
Product: Adobe Creative Cloud Desktop Application
Advisory/CVEs: APSB24-44
Severity: Critical
Affected Version: Creative Cloud Desktop Application – Version 6.2.0.554 and earlier
Impact: Arbitrary code execution, Security feature bypass, and Privilege escalation
In conclusion, the Adobe Security Update of June 2024 successfully addressed and resolved all the identified issues.
Patch Critical Risks Before It's Too Late with SanerNow
SecPod SanerNow CVEM is an integrated vulnerability and patch management solution that can detect, assess, prioritize and remediate vulnerabilities and other security risks in your network automatically. SanerNow supports all major OSs and 550+ 3rd party applications to cover all bases.
SanerNow provides complete provisions to test patches before deployment. Further, you can roll them back if necessary and completely automate the process to ease the burden on your IT and security teams.
Experience the next generation of patching with SanerNow.