December 10, 2024 at 02:05PM
Adobe’s December 2024 Patch Tuesday updates addressed over 160 vulnerabilities across 16 products, notably Adobe Experience Manager and Adobe Animate. The patches include medium to critical severity issues, particularly concerning arbitrary code execution. While no known exploits exist, users are urged to apply the updates promptly for security.
### Meeting Takeaways: Adobe December 2024 Patch Tuesday Updates
1. **Vulnerability Overview**:
– A total of over **160 vulnerabilities** addressed across **16 Adobe products**.
2. **Adobe Experience Manager**:
– Approximately **90 vulnerabilities** patched.
– Majority categorized as **important-severity** (medium based on CVSS score).
– Some flaws allow **arbitrary code execution** and can **bypass security features**.
– **CVE-2024-43711** identified as the only **critical severity** vulnerability.
3. **Adobe Connect**:
– Fixed **22 vulnerabilities**, including several **critical and high-severity** issues capable of **arbitrary code execution** and **privilege escalation**.
4. **Adobe Animate**:
– Addressed over a dozen **critical issues** (high severity) leading to **arbitrary code execution**.
5. **InDesign**:
– Patched **nine vulnerabilities**, including those that permit **arbitrary code execution**.
6. **Substance 3D Products**:
– Substance 3D Modeler had **nine vulnerabilities** fixed, with potential **arbitrary code execution** or **DoS**.
– Substance 3D Sampler – **three arbitrary code execution** vulnerabilities patched.
– Substance 3D Painter – **two arbitrary code execution** vulnerabilities patched.
7. **Acrobat and Reader**:
– Six vulnerabilities fixed, leading to **code execution**, **DoS**, or **memory leaks**.
8. **Adobe Media Encoder**:
– Four vulnerabilities fixed, capable of **code execution** and **DoS attacks**.
9. **Illustrator**:
– Two vulnerabilities patched related to **code execution**.
10. **Other Products**:
– One vulnerability fixed in each of the following products: FrameMaker, Premiere Pro, Bridge, Photoshop, PDFL SDK, and After Effects—all leading to **code execution**.
11. **Exploitation Awareness**:
– Adobe reports no known **in-the-wild exploits** for the patched vulnerabilities.
– Users are encouraged to install the patches despite the low expected exploitation risk based on priority ratings.
### Recommendations:
– All users are advised to **apply the available patches** promptly.
### Related Updates:
– Mention of related vulnerabilities in **Adobe Commerce** and **Magento** products.