Adobe Patch Tuesday security updates fixed multiple critical issues in the company’s products

Pierluigi Paganini September 12, 2024

Adobe addressed tens of vulnerabilities, including critical issues that could allow attackers to execute arbitrary code on Windows and macOS.

Adobe Patch Tuesday security updates addressed multiple vulnerabilities in its products, including critical flaws that could allow attackers to execute arbitrary code on Windows and macOS systems.

The most severe vulnerabilities are two critical memory corruption flaws in Acrobat and PDF Reader, tracked as CVE-2024-41869 (CVSS score of 7.8) and CVE-2024-45112 (CVSS score of 8.6).

The vulnerability CVE-2024-41869 is a Use After Free issue while the flaw CVE-2024-45112 is a Type Confusion’ bug. An attacker can exploit these vulnerabilities for arbitrary code execution.

Vulnerability CategoryVulnerability ImpactSeverityCVSS base scoreCVSS vectorCVE Number
Use After Free (CWE-416)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-41869
 
Access of Resource Using Incompatible Type (‘Type Confusion’) (CWE-843)Arbitrary code executionCritical8.6CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HCVE-2024-45112

CVE-2024-45112 was reported by an anonymous researcher and the researcher Haifei Li of EXPMON and Check Point Research reported the flaw CVE-2024-41869.

The company also fixed the following critical flaws in Photoshop

Vulnerability CategoryVulnerability ImpactSeverityCVSS base score CVSS vectorCVE Number
Heap-based Buffer Overflow (CWE-122)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-43756
Out-of-bounds Write (CWE-787)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-43760
Out-of-bounds Write (CWE-787)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-45108
Out-of-bounds Write (CWE-787)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-45109
Out-of-bounds Read (CWE-125)Memory leakImportant5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NCVE-2024-45110

and in the Illustrator software

Vulnerability CategoryVulnerability ImpactSeverityCVSS base score CVSS vectorCVE Numbers
Integer Underflow (Wrap or Wraparound) (CWE-191)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-41857
Integer Overflow or Wraparound (CWE-190)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-34121
Improper Input Validation (CWE-20)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-41856
Out-of-bounds Write (CWE-787)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-45114
Use After Free (CWE-416)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-43758
Out-of-bounds Read (CWE-125)Memory leakImportant5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NCVE-2024-45111
NULL Pointer Dereference (CWE-476)Application denial-of-serviceModerate3.3CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LCVE-2024-43759

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Adobe)



you might also like

leave a comment