Alert GCSA-24129 - Adobe Monthly Security Update - Ottobre 2024


******************************************************************

Alert ID: GCSA-24129
Data: 9 Ottobre 2024
Titolo: Adobe Monthly Security Update - Ottobre 2024

******************************************************************

:: Descrizione del problema

Adobe ha rilasciato i seguenti aggiornamenti di sicurezza
con i quali risolve vulnerabilita' multiple, di cui una digravita' "critica"
e 29 di gravita' "alta".

APSB24-52 : Security update available for Adobe Substance 3D Painter
APSB24-73 : Security update available for Adobe Commerce
APSB24-74 : Security update available for Adobe Dimension
APSB24-76 : Security update available for Adobe Animate
APSB24-78 : Security update available for Adobe Lightroom
APSB24-79 : Security update available for Adobe InCopy
APSB24-80 : Security update available for Adobe InDesign
APSB24-81 : Security update available for Adobe Substance 3D Stager
APSB24-82 : Security update available for Adobe FrameMaker

Maggiori informazioni sono disponibili alla sezione "Riferimenti".


:: Software interessato

Adobe Substance 3D Painter 10.0.1 e precedenti
Adobe Commerce 2.4.7-p2 e precedenti
Adobe Commerce 2.4.6-p7 e precedenti
Adobe Commerce 2.4.5-p9 e precedenti
Adobe Commerce 2.4.4-p10 e precedenti
Adobe Commerce B2B 1.4.2-p2 e precedenti
Adobe Commerce B2B 1.3.5-p7 e precedenti
Adobe Commerce B2B 1.3.4-p9 e precedenti
Adobe Commerce B2B 1.3.3-p10 e precedenti
Magento Open Source 2.4.7-p2 e precedenti
Magento Open Source 2.4.6-p7 e precedenti
Magento Open Source 2.4.5-p9 e precedenti
Magento Open Source 2.4.4-p10 e precedenti
Adobe Dimension 4.0.3 e precedenti
Adobe Animate 2023 23.0.7 e precedenti
Adobe Animate 2024 24.0.4 e precedenti
Lightroom 7.4.1 e precedenti
Lightroom Classic 13.5 e precedenti
Lightroom Classic (LTS) 12.5.1 e precedenti
Adobe InCopy 19.4 e precedenti
Adobe InCopy 18.5.3 e precedenti
Adobe InDesign ID19.4 and earlier version
Adobe InDesign ID18.5.3 and earlier version
Adobe Substance 3D Stager 3.0.3 e precedenti
Adobe FrameMaker 2020 Release Update 6 e precedenti
Adobe FrameMaker 2022 Release Update 4 e precedenti


:: Impatto

Esecuzione remota di codice arbitrario (RCE)
Rivelazione di informazioni (ID)
Security Feature Bypass (SFB)
Privilege Escalation (PE)


:: Soluzioni

Aggiornare i prodotti software alle versioni piu' recenti.


:: Riferimenti

Adobe Security Bulletins e Advisories
https://helpx.adobe.com/security/Home.html
https://helpx.adobe.com/security.html/security/security-bulletin.html
https://helpx.adobe.com/security/products/substance3d_painter/apsb24-52.html
https://helpx.adobe.com/security/products/magento/apsb24-73.html
https://helpx.adobe.com/security/products/dimension/apsb24-74.html
https://helpx.adobe.com/security/products/animate/apsb24-76.html
https://helpx.adobe.com/security/products/incopy/apsb24-79.html
https://helpx.adobe.com/security/products/indesign/apsb24-80.html
https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html
https://helpx.adobe.com/security/products/framemaker/apsb24-82.html

CSIRT Italia
https://www.csirt.gov.it/contenuti/adobe-rilascia-aggiornamenti-per-sanare-molteplici-vulnerabilita-al03-241009-csirt-ita

CISA
https://www.cisa.gov/news-events/alerts/2024/10/08/adobe-releases-security-updates-multiple-products

CIS - Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-adobe-products-could-allow-for-arbitrary-code-execution_2024-112

Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20787
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45116
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45121
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45123
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45128
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45131
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45132
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45137
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45138
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45141
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45149
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45150
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47412
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47413
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47417
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47418
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47419
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47420
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47421
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47422
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47423
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47424
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47425



GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert




-----BEGIN PGP SIGNATURE-----

iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZwZwJwAKCRDBnEyTZRJg
QjmtAJ9E8OqxfCM9RkkuKA9Cs8QLPsrsKACfemepeB3p2ahIKqCZqe17gxW5U6w=
=qX9d
-----END PGP SIGNATURE-----