Adobe Security Update for Premiere Pro, InDesign & Bridge

Adobe has released crucial security updates for its widely-used software products: Premiere Pro, InDesign, and Bridge.

The updates, identified as APSB24-46, APSB24-48, and APSB24-51, respectively, were initially posted and last updated on July 9, 2024.

EHA

These updates aim to address several vulnerabilities that could potentially be exploited by malicious actors, posing significant risks to users’ data and system integrity.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

Latest Product Security Updates

Critical Vulnerability in Adobe Premiere Pro

Adobe has released updates for Adobe Premiere Pro for Windows and macOS to address a critical vulnerability. Successful exploitation of this vulnerability could lead to arbitrary code execution.

Affected Versions

ProductVersionPlatform
Adobe Premiere Pro24.4.1 and earlierWindows, macOS
Adobe Premiere Pro23.6.5 and earlierWindows, macOS

Vulnerability Details

Vulnerability CategoryVulnerability ImpactSeverityCVSS base scoreCVE Numbers
Untrusted Search Path (CWE-426)
 
Arbitrary code executionCritical7.0CVE-2024-34123
 

Critical Vulnerabilities in Adobe InDesign

Adobe has released a crucial security update for InDesign, addressing several critical vulnerabilities that, if successfully exploited, could potentially lead to arbitrary code execution.

Affected Versions

ProductAffected versionPlatform
Adobe InDesignID19.3 and earlier version.Windows and macOS 
Adobe InDesignID18.5.2 and earlier version                                       Windows and macOS 

Vulnerability Details

Vulnerability CategoryVulnerability ImpactSeverityCVSS base scoreCVE Number
Heap-based Buffer Overflow (CWE-122)Arbitrary code executionCritical7.8CVE-2024-20781
Out-of-bounds Write (CWE-787)Arbitrary code executionCritical7.8CVE-2024-20782
Heap-based Buffer Overflow (CWE-122)Arbitrary code executionCritical7.8CVE-2024-20783
Heap-based Buffer Overflow (CWE-122)Arbitrary code executionCritical7.8CVE-2024-20785

Critical Vulnerabilities in Adobe Bridge 

Adobe has released a security update for Adobe Bridge, addressing critical vulnerabilities that could lead to arbitrary code execution and memory leaks.

Affected Versions

ProductVersionPlatform
Adobe Bridge  13.0.7 and earlier versions Windows  and macOS
Adobe Bridge  14.1 and earlier versions Windows  and macOS

Vulnerability Details

Vulnerability CategoryVulnerability ImpactSeverityCVSS base scoreCVE Numbers
Integer Overflow or Wraparound (CWE-190)Arbitrary code executionCritical 7.8CVE-2024-34139
Out-of-bounds Read (CWE-125)Memory leak Important 5.5CVE-2024-34140

PSIRT’s Role in Security

The Product Security Incident Response Team (PSIRT) at Adobe has played a crucial role in implementing the company’s vulnerability disclosure program.

PSIRT provides a centralized point of contact for customers, partners, pen-testers, and security researchers to report security vulnerabilities in Adobe products and services.

By encouraging the external security community to disclose security issues privately, PSIRT minimizes risks to customers, Adobe’s infrastructure, and the brand.

This collaborative approach underscores Adobe’s commitment to maintaining the highest security standards for its users.

Adobe Premiere Pro, InDesign, and Bridge users are strongly advised to install these updates immediately to safeguard their systems.

The security patches address vulnerabilities that, if left unpatched, could be exploited to execute arbitrary code, leading to potential data breaches or system compromises.

Adobe’s latest product security updates provide detailed information and guidance on the reported security issues, ensuring users can take the necessary steps to protect their software and data.

Users can visit the official Adobe security page for more information on the latest security updates and to notify Adobe of any security issues.

Staying informed and proactive about software updates is crucial in today’s digital landscape, where security threats constantly evolve.

"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo

Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.