Alert GCSA-24107 - Adobe Monthly Security Update - agosto 2024
******************************************************************
Alert ID: GCSA-24107
data: 14 agosto 2024
titolo: Adobe Monthly Security Update - agosto 2024
******************************************************************
:: Descrizione del problema
Adobe ha rilasciato i seguenti aggiornamenti di sicurezza
con i quali risolve varie vulnerabilita', delle quali una con gravita' "critica"
e 33 con gravita' "alta".
APSB24-45 Adobe Illustrator
APSB24-47 Adobe Dimension
APSB24-49 Adobe Photoshop
APSB24-56 Adobe InDesign
APSB24-57 Adobe Acrobat Reader
APSB24-59 Adobe Bridge
APSB24-60 Adobe Substance 3D Stager
APSB24-61 Adobe Commerce
APSB24-64 Adobe InCopy
APSB24-65 Adobe Substance 3D Sampler
APSB24-67 Adobe Substance 3D Designer
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Adobe Illustrator
Adobe Dimension
Adobe Photoshop
Adobe InDesign
Adobe Acrobat Reader
Adobe Bridge
Adobe Substance 3D Stager
Adobe Commerce
Adobe InCopy
Adobe Substance 3D Sampler
Adobe Substance 3D Designer
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Acquisizione di privilegi piu' elevati (EoP)
Rivelazione di informazioni (ID)
Bypass delle funzionalita' di sicurezza (SFB)
:: Soluzioni
Aggiornare i prodotti software alle versioni piu' recenti.
Adobe Illustrator
Adobe Dimension
Adobe Photoshop
Adobe InDesign
Adobe Acrobat Reader
Adobe Bridge
Adobe Substance 3D Stager
Adobe Commerce
Adobe InCopy
Adobe Substance 3D Sampler
Adobe Substance 3D Designer
:: Riferimenti
Adobe Security Bulletins e Advisories
https://helpx.adobe.com/security/Home.html
https://helpx.adobe.com/security.html/security/security-bulletin.html
https://helpx.adobe.com/security/products/illustrator/apsb24-45.html
https://helpx.adobe.com/security/products/dimension/apsb24-47.html
https://helpx.adobe.com/security/products/photoshop/apsb24-49.html
https://helpx.adobe.com/security/products/indesign/apsb24-56.html
https://helpx.adobe.com/security/products/acrobat/apsb24-57.html
https://helpx.adobe.com/security/products/bridge/apsb24-59.html
https://helpx.adobe.com/security/products/substance3d_stager/apsb24-60.html
https://helpx.adobe.com/security/products/magento/apsb24-61.html
https://helpx.adobe.com/security/products/incopy/apsb24-64.html
https://helpx.adobe.com/security/products/substance3d-sampler/apsb24-65.html
https://helpx.adobe.com/security/products/substance3d_designer/apsb24-67.html
CIS - Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-adobe-products-could-allow-for-arbitrary-code-execution_2024-091
CSIRT Italia
https://www.csirt.gov.it/contenuti/adobe-rilascia-aggiornamenti-per-sanare-molteplici-vulnerabilita-al02-240814-csirt-ita
Mitre CVE
I riferimenti CVE sono disponibili nell'advisory originale.
Inseriamo soltanto quelli con gravita' "alta" e "critica"
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39390
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39393
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39394
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39399
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39400
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39401
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39402
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39403
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39422
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39423
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39424
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39425
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39426
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41831
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41850
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41851
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41864
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41865
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZrySDwAKCRDBnEyTZRJg
QlsrAKDdpqJf6SC4LlQxyEf4kfZIqrbmMgCeK4NppCr3nfST5f00i7JxTeSTtSs=
=nJGi
-----END PGP SIGNATURE-----
Alert ID: GCSA-24107
data: 14 agosto 2024
titolo: Adobe Monthly Security Update - agosto 2024
******************************************************************
:: Descrizione del problema
Adobe ha rilasciato i seguenti aggiornamenti di sicurezza
con i quali risolve varie vulnerabilita', delle quali una con gravita' "critica"
e 33 con gravita' "alta".
APSB24-45 Adobe Illustrator
APSB24-47 Adobe Dimension
APSB24-49 Adobe Photoshop
APSB24-56 Adobe InDesign
APSB24-57 Adobe Acrobat Reader
APSB24-59 Adobe Bridge
APSB24-60 Adobe Substance 3D Stager
APSB24-61 Adobe Commerce
APSB24-64 Adobe InCopy
APSB24-65 Adobe Substance 3D Sampler
APSB24-67 Adobe Substance 3D Designer
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
Adobe Illustrator
Adobe Dimension
Adobe Photoshop
Adobe InDesign
Adobe Acrobat Reader
Adobe Bridge
Adobe Substance 3D Stager
Adobe Commerce
Adobe InCopy
Adobe Substance 3D Sampler
Adobe Substance 3D Designer
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Acquisizione di privilegi piu' elevati (EoP)
Rivelazione di informazioni (ID)
Bypass delle funzionalita' di sicurezza (SFB)
:: Soluzioni
Aggiornare i prodotti software alle versioni piu' recenti.
Adobe Illustrator
Adobe Dimension
Adobe Photoshop
Adobe InDesign
Adobe Acrobat Reader
Adobe Bridge
Adobe Substance 3D Stager
Adobe Commerce
Adobe InCopy
Adobe Substance 3D Sampler
Adobe Substance 3D Designer
:: Riferimenti
Adobe Security Bulletins e Advisories
https://helpx.adobe.com/security/Home.html
https://helpx.adobe.com/security.html/security/security-bulletin.html
https://helpx.adobe.com/security/products/illustrator/apsb24-45.html
https://helpx.adobe.com/security/products/dimension/apsb24-47.html
https://helpx.adobe.com/security/products/photoshop/apsb24-49.html
https://helpx.adobe.com/security/products/indesign/apsb24-56.html
https://helpx.adobe.com/security/products/acrobat/apsb24-57.html
https://helpx.adobe.com/security/products/bridge/apsb24-59.html
https://helpx.adobe.com/security/products/substance3d_stager/apsb24-60.html
https://helpx.adobe.com/security/products/magento/apsb24-61.html
https://helpx.adobe.com/security/products/incopy/apsb24-64.html
https://helpx.adobe.com/security/products/substance3d-sampler/apsb24-65.html
https://helpx.adobe.com/security/products/substance3d_designer/apsb24-67.html
CIS - Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-adobe-products-could-allow-for-arbitrary-code-execution_2024-091
CSIRT Italia
https://www.csirt.gov.it/contenuti/adobe-rilascia-aggiornamenti-per-sanare-molteplici-vulnerabilita-al02-240814-csirt-ita
Mitre CVE
I riferimenti CVE sono disponibili nell'advisory originale.
Inseriamo soltanto quelli con gravita' "alta" e "critica"
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39390
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39393
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39394
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39399
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39400
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39401
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39402
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39403
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39422
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39423
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39424
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39425
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39426
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41831
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41850
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41851
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41864
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41865
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZrySDwAKCRDBnEyTZRJg
QlsrAKDdpqJf6SC4LlQxyEf4kfZIqrbmMgCeK4NppCr3nfST5f00i7JxTeSTtSs=
=nJGi
-----END PGP SIGNATURE-----