Major Adobe Security Flaws Allow Hackers To Launch Arbitrary Code Remotely

A product security incident response team (PSIRT) oversees a vulnerability disclosure program. To do so, it serves as the primary point of contact for external reporters such as clients, suppliers, penetration testers, and security researchers.

The team provides a consistent method for reporting security flaws discovered in the organization's products and services. It emphasizes confidential disclosure to reduce the danger to user data, the organization's facilities, and its reputation.

Vulnerability Details

Security patches are now available for Adobe Experience Manager (AEM). They fix serious vulnerabilities that attackers might use to execute arbitrary code or circumvent security protections. All versions of AEM Cloud Service (CS), including AEM 6.5.19.0 and many more, are vulnerable.

To reduce the risks, administrators should upgrade AEM to AEM Cloud Service Release 2024.03 or to AEM 6.5 Service Pack 20.0. Both releases resolve the highlighted vulnerabilities.

Security updates were also issued to address severe flaws in Adobe Premiere Pro for Windows and macOS. The flaws might be used to execute arbitrary code on an affected machine.

Premiere Pro versions 24.1 and earlier on Windows and macOS are vulnerable. The recommendation is to upgrade to version 24.2.1 (Windows/macOS) or 23.6.4 (Windows/macOS) using the Creative Cloud desktop software.

Adobe has published security updates that address a severe flaw in ColdFusion versions 2023 and 2021. The flaw could be used to access arbitrary file systems.

All ColdFusion 2023 versions prior to Update 6 are vulnerable, as are all ColdFusion 2021 versions prior to Update 12. Adobe recommends upgrading ColdFusion to Update 7 for 2023 and Update 13 for 2021 to mitigate the risk, which Adobe has classified as priority 3.

A security update is available for Adobe Bridge versions 13.0.5 and 14.0.1 for Windows and macOS. It addresses significant and important vulnerabilities.

Attackers might use the vulnerabilities to run arbitrary code on a victim's PC. Exploitation can also result in a memory leak. Users are advised to upgrade to versions 13.0.6 or 14.0.2 using the Creative Cloud desktop application.

Adobe also issued a security update that fixes an important flaw (CVE-2024-20754) in Adobe Lightroom for macOS versions 7.1.2 and earlier. The flaw is an untrusted search path weakness. Attackers could exploit it to install arbitrary code on a victim's computer and gain complete control of the system.

A security update has been issued for Adobe Animate on Windows and macOS. It addresses serious flaws in versions 23.0.3 and 24.0.

Attackers may exploit the weaknesses to execute arbitrary code. Exploitation can also cause memory leaks on a target machine. It is therefore highly recommended to upgrade to the most recent versions, 23.0.4 for 2023 and 24.0.1 for 2024, using the Creative Cloud desktop software or the Download Center.