Adobe has rolled out a massive security update, fixing over 200 vulnerabilities across its popular platforms, including Acrobat, Reader, AEM, InDesign, and Magento. In its latest security bulletin, the company has confirmed that none of these flaws are under active attack.
However, some are considered critical and could allow hackers to take control of systems if exploited. Yet, it’s important to keep in mind that the majority of the vulnerabilities require user interaction, like opening a malicious file. But the impact ranges from arbitrary code execution to privilege escalation. So, let’s take a closer look at everything that Adobe has fixed in its latest release.
What’s Been Fixed?
- Adobe Acrobat and Reader: The update addresses multiple high-risk bugs that could allow attackers to run arbitrary code or bypass security features. Make sure you’re running version 20.005.30774, 24.001.30254, or 25.001.20531 or later.
- Adobe Experience Manager (AEM): Several vulnerabilities were fixed in AEM versions earlier than 6.5.23, including improper access controls and stored XSS issues that could lead to code execution or data theft.
- Adobe Commerce (Magento Open Source): Adobe patched five serious issues in Magento, including privilege escalation and security bypass bugs. These are considered critical for e-commerce sites running on older versions of the platform.
- InDesign and InCopy: Both desktop publishing apps had multiple memory-related bugs, like heap overflows and use-after-free vulnerabilities. These could be exploited through crafted documents to execute code on a victim’s machine.
- Substance 3D Painter & Sampler: The 3D design tools had out-of-bounds write bugs fixed, closing off potential code execution paths if a malicious file is opened.
So that’s a wrap from one of Adobe’s biggest patch rollouts in recent times. It impacts nearly every aspect of the company’s product ecosystem. Although no active exploits have been reported, users and businesses should apply these updates immediately.
On a similar note, Adobe is renaming its “Creative Cloud All Apps” subscription to “Creative Cloud Pro” for North American customers. It will be effective from June 17, 2025. The new plan covers the majority of the core creative applications, including Photoshop, Illustrator, Premiere Pro, and Lightroom. Additionally, a new “Creative Cloud Standard” plan will be introduced, offering more limited AI and web/mobile access.
