Alert GCSA-24161 - Adobe Monthly Security Update - Dicembre 2024


******************************************************************

Alert ID: GCSA-24161
Data: 12 Dicembre 2024
Titolo: Adobe Monthly Security Update - Dicembre 2024

******************************************************************

:: Descrizione del problema

Adobe ha rilasciato i seguenti aggiornamenti di sicurezza
con i quali risolve vulnerabilita' multiple:

APSB24-69 : Security update available for Adobe Experience Manager
APSB24-92 : Security update available for Adobe Acrobat Reader
APSB24-93 : Security update available for Adobe Media Encoder
APSB24-94 : Security update available for Adobe Illustrator
APSB24-95 : Security update available for Adobe After Effects
APSB24-96 : Security update available for Adobe Animate
APSB24-97 : Security update available for Adobe InDesign
APSB24-98 : Security update available for Adobe PDFL SDK
APSB24-99 : Security update available for Adobe Connect
APSB24-100 : Security update available for Adobe Substance 3D Sampler
APSB24-101 : Security update available for Adobe Photoshop
APSB24-102 : Security update available for Adobe Substance 3D Modeler
APSB24-103 : Security update available for Adobe Bridge
APSB24-104 : Security update available for Adobe Premiere Pro
APSB24-105 : Security update available for Adobe Substance 3D Painter
APSB24-106 : Security update available for Adobe FrameMaker

Maggiori informazioni sono disponibili alla sezione "Riferimenti".


:: Software interessato

Adobe Experience Manager (AEM) AEM Cloud Service (CS)
Adobe Experience Manager (AEM) 6.5.21 e precedenti
Acrobat Reader DC 24.005.20307 e versioni precedenti continuous
Acrobat Reader 2020 20.005.30730 e versioni precedenti (Windows) classic 2020
Acrobat Reader 2020 20.005.30710 e versioni precedenti (MacOS) classic 2020
Adobe Media Encoder 24.6.3 e versioni precedenti
Adobe Media Encoder 25.0 e versioni precedenti
Illustrator 2025 29.0.0 e versioni precedenti
Illustrator 2024 28.7.2 e versioni precedenti
Adobe After Effects 24.6.2 e versioni precedenti
Adobe After Effects 25.0.1 e versioni precedenti
Adobe Animate 2023 23.0.8 e versioni precedenti
Adobe Animate 2024 24.0.5 e versioni precedenti
Adobe InDesign ID19.5 e versioni precedenti
Adobe InDesign ID18.5.4 e versioni precedenti
Adobe PDFL Software Development Kit (SDK) PDFL SDK 21.0.0.5 e versioni precedenti
Adobe Connect 12.6 e versioni precedenti
Adobe Connect 11.4.7 e versioni precedenti
Adobe Substance 3D Painter 10.1.1 e versioni precedenti
Adobe Substance 3D Modeler 1.14.1 e versioni precedenti
Adobe Substance 3D Sampler 4.5.1 e versioni precedenti
Photoshop 2025 26.0 e versioni precedenti
Adobe Bridge 14.1.3 e versioni precedenti
Adobe Bridge 15.0 e versioni precedenti
Adobe Premiere Pro 25.0 e versioni precedenti
Adobe Premiere Pro 24.6.3 e versioni precedenti
Adobe FrameMaker 2020 Release Update 7 e versioni precedenti
Adobe FrameMaker 2022 Release Update 5 e versioni precedenti


:: Impatto

Esecuzione remota di codice arbitrario (RCE)
Rivelazione di informazioni (ID)
Acquisizione di privilegi piu' elevati (EoP)


:: Soluzioni

Aggiornare i prodotti software alle versioni piu' recenti.


:: Riferimenti

Adobe Security Bulletins e Advisories
https://helpx.adobe.com/security/Home.html
https://helpx.adobe.com/security.html/security/security-bulletin.html
https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html
https://helpx.adobe.com/security/products/acrobat/apsb24-92.html
https://helpx.adobe.com/security/products/media-encoder/apsb24-93.html
https://helpx.adobe.com/security/products/illustrator/apsb24-94.html
https://helpx.adobe.com/security/products/after_effects/apsb24-95.html
https://helpx.adobe.com/security/products/animate/apsb24-96.html
https://helpx.adobe.com/security/products/indesign/apsb24-97.html
https://helpx.adobe.com/security/products/pdfl-sdk1/apsb24-98.html
https://helpx.adobe.com/security/products/connect/apsb24-99.html
https://helpx.adobe.com/security/products/substance3d-sampler/apsb24-100.html
https://helpx.adobe.com/security/products/photoshop/apsb24-101.html
https://helpx.adobe.com/security/products/substance3d-modeler/apsb24-102.html
https://helpx.adobe.com/security/products/bridge/apsb24-103.html
https://helpx.adobe.com/security/products/premiere_pro/apsb24-104.html
https://helpx.adobe.com/security/products/substance3d_painter/apsb24-105.html
https://helpx.adobe.com/security/products/framemaker/apsb24-106.html

CSIRT Italia
https://www.csirt.gov.it/contenuti/adobe-rilascia-aggiornamenti-per-sanare-molteplici-vulnerabilita-al04-241211-csirt-ita

CISA
https://www.cisa.gov/news-events/alerts/2024/12/10/adobe-releases-security-updates-multiple-products

CIS - Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-adobe-products-could-allow-for-arbitrary-code-execution_2024-134

Mitre CVE
I riferimenti CVE sono disponibili nell'advisory originale.



GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert




-----BEGIN PGP SIGNATURE-----

iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZ1rEzgAKCRDBnEyTZRJg
QpRJAJ0dzEdHWJAQEQspeoJTTLEoo9IsPgCeKp02MgAZE3gFiWWqNvP5wsBiOrk=
=3w7x
-----END PGP SIGNATURE-----