In October 2024, Adobe issued security updates to fix several vulnerabilities in Adobe Substance 3D Painter, Adobe Commerce, Adobe Dimension, Adobe Animate, Adobe Lightroom, Adobe InCopy, Adobe InDesign, Adobe Substance 3D Stager, and Adobe FrameMaker. Cyber attackers could exploit these flaws to gain control of an affected system.
Overview of October 2024 Security Updates
Adobe’s recent security updates address several critical vulnerabilities that pose serious risks, including arbitrary code execution and memory leaks. Here’s a breakdown of the critical updates:
- Adobe Substance 3D Painter
Advisory: APSB24-52
CVE: CVE-2024-20787
Severity: Important
Affected Version: Version 10.0.1 and earlier versions
Impact: Memory leak
Solution: Adobe Substance 3D Painter version 10.1.0
- Adobe Commerce
Advisory: APSB24-73
CVE: CVE-2024-45115
Severity: Critical
Affected Version:
i. Adobe Commerce: 2.4.7-p2 and earlier, 2.4.6-p7 and earlier, 2.4.5-p9 and earlier, 2.4.4-p10 and earlier
ii. Adobe Commerce B2B: 1.4.2-p2 and earlier, 1.3.5-p7 and earlier, 1.3.4-p9 and earlier, 1.3.3-p10 and earlier
iii. Magento Open Source: 2.4.7-p2 and earlier, 2.4.6-p7 and earlier, 2.4.5-p9 and earlier, 2.4.4-p10 and earlier
Impact: Privilege escalation, Security feature bypass, Arbitrary code execution and Arbitrary file system read
Solution:
i. Adobe Commerce: 2.4.7-p3 for 2.4.7-p2 and earlier, 2.4.6-p8 for 2.4.6-p7 and earlier, 2.4.5-p10 for 2.4.5-p9 and earlier, 2.4.4-p11 for 2.4.4-p10 and earlier
ii. Adobe Commerce B2B: 1.4.2-p3 for 1.4.2-p2 and earlier, 1.3.5-p8 for 1.3.5-p7 and earlier, 1.3.4-p10 for 1.3.4-p9 and earlier, 1.3.3-p11 for 1.3.3-p10 and earlier
iii. Adobe Commerce B2B: Isolated patch for CVE-2024-45115, compatible with all Adobe Commerce B2B versions between 1.3.3 – 1.4.2
iv. Magento Open Source: 2.4.7-p3 for 2.4.7-p2 and earlier, 2.4.6-p8 for 2.4.6-p7 and earlier, 2.4.5-p10 for 2.4.5-p9 and earlier, 2.4.4-p11 for 2.4.4-p10 and earlier
- Adobe Dimension
Advisory: APSB24-74
CVEs: CVE-2024-45146 and CVE-2024-45150
Severity: Critical
Affected Version: Version 4.0.3 and earlier versions on Windows and macOS
Impact: Arbitrary code execution
Solution: Adobe Dimension 4.0.4 on Windows and macOS
- Adobe Animate
Advisory: APSB24-76
CVEs: CVE-2024-47410, CVE-2024-47411, CVE-2024-47412, CVE-2024-47413, CVE-2024-47414, CVE-2024-47415, CVE-2024-47416, CVE-2024-47417, CVE-2024-47418, CVE-2024-47419, CVE-2024-47420
Severity: Critical
Affected Version:
i. Adobe Animate 2023, version 23.0.7 and earlier versions on Windows and macOS
ii. Adobe Animate 2024, version 24.0.4 and earlier versions on Windows and macOS
Impact: Arbitrary code execution and Memory leak
Solution:
i. Adobe Animate 2023, version 23.0.8 on Windows and macOS
ii. Adobe Animate 2024, version 24.0.5 on Windows and macOS
- Adobe Lightroom
Advisory: APSB24-78
CVE: CVE-2024-45145
Severity: Important
Affected Version:
i. Lightroom: Version 7.4.1 and earlier versions
ii. Lightroom Classic: Version 13.5 and earlier versions
iii. Lightroom Classic (LTS): Version 12.5.1 and earlier versions
Impact: Memory leak
Solution:
i. Lightroom: Version 7.5
ii. Lightroom Classic: Version 13.5.1
iii. Lightroom Classic (LTS): 12.5.2 (LTS)
- Adobe InCopy
Advisory: APSB24-79
CVE: CVE-2024-45136
Severity: Critical
Affected Version: Adobe InCopy Version 19.4 and earlier versions and Adobe InCopy version 18.5.3 and earlier versions on Windows and macOS
Impact: Arbitrary code execution
Solution: Adobe InCopy 19.5 and Adobe InCopy 18.5.4 on Windows and macOS
- Adobe InDesign
Advisory: APSB24-80
CVE: CVE-2024-45137
Severity: Critical
Affected Version: Adobe InDesign version ID19.4 and earlier versions and Adobe InDesign version ID18.5.3 and earlier versions on Windows and macOS
Impact: Arbitrary code execution
Solution: Adobe InDesign version ID19.5 and Adobe InDesign version ID18.5.4 on Windows and macOS
- Adobe Substance 3D Stager
Advisory: APSB24-81
CVEs: CVE-2024-45138, CVE-2024-45139, CVE-2024-45140, CVE-2024-45141, CVE-2024-45142, CVE-2024-45143, CVE-2024-45144, CVE-2024-45152
Severity: Critical
Affected Version: Adobe Substance 3D Stager version 3.0.3 and earlier versions on Windows and macOS
Impact: Arbitrary code execution
Solution: Adobe Substance 3D Stager version 3.0.4 on Windows and macOS
- Adobe FrameMaker
Advisory: APSB24-82
CVEs: CVE-2024-47421, CVE-2024-47422, CVE-2024-47423, CVE-2024-47424, CVE-2024-47425
Severity: Critical
Affected Version:
i. Adobe FrameMaker 2020 Release Update 6 and earlier on Windows
ii. Adobe FrameMaker 2022 Release Update 4 and earlier on Windows
Impact: Arbitrary code execution
Solution:
i. Adobe FrameMaker 2020 Update 7
ii. Adobe FrameMaker 2022 Update 5
The Adobe Critical Security Updates released in October 2024 address multiple high-risk vulnerabilities across several Adobe products. Updating to the latest versions is essential to safeguard your system from potential exploitation. Ensure your software is current to take advantage of these crucial patches and enhance your security posture.
Mitigate Critical Security Risks Before It’s Too Late with SanerNow
SecPod SanerNow CVEM is an all-in-one vulnerability and patch management solution that automatically detects, assesses, prioritizes, and remediates vulnerabilities across your network. Supporting all major operating systems and over 550 third-party applications, SanerNow ensures comprehensive protection.
With SanerNow, you can test patches before deployment, rollback if necessary, and fully automate the patching process, reducing the workload for your IT and security teams while keeping your systems secure.