Adobe just released eight advisories addressing multiple vulnerabilities in Adobe Commerce, Experience Manager, Illustrator, Dimension, Creative Cloud, Substance 3D Stager, Photoshop, and ColdFusion products.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
What You Should Do
Apply necessary updates now. Visit the Adobe Security Pages to view the latest information and updates on the specific Adobe products affected. For reference, here is a list of Affected Systems:
- Adobe Commerce 2.4.4-p2 and earlier versions
- Adobe Commerce 2.4.4-p1 and earlier versions
- Magento Open Source 2.4.4-p2 and earlier versions
- Magento Open Source 2.4.4-p1 and earlier versions
- Adobe Experience Manager (AEM) Cloud Service (CS)
- Adobe Experience Manager (AEM) 6.5.15.0 and earlier versions
- Illustrator 2023 27.2.0 and earlier versions for Windows and macOS
- Adobe Dimension 3.4.7 and earlier versions for Windows and macOS
- Creative Cloud Desktop Application 5.9.1 and earlier versions for Windows
- Adobe Substance 3D Stager 2.0.0 and earlier versions for Windows and macOS
- Photoshop 2022 23.5.3 and earlier versions for Windows and macOS
- Photoshop 2023 24.1.1 and earlier versions for Windows and macOS
- ColdFusion 2018 Update 15 and earlier versions
Have additional questions? Contact a member of the BMT team.