A significant wave of security enhancements rolled out from Adobe this February, addressing a total of 44 vulnerabilities across a suite of creative applications. These updates, detailed in nine separate security bulletins, impact users of After Effects, Audition, Bridge, and several applications within the Substance 3D family, among others.
While the number of patched vulnerabilities is substantial, Adobe currently assesses the risk of active exploitation as low, assigning a priority level of 3 – indicating no known attacks are currently leveraging these weaknesses. This assessment applies to both Windows and macOS platforms, offering a broad level of reassurance to users.
The most extensive fixes are concentrated within After Effects, where a remarkable 15 vulnerabilities were addressed. These were identified and reported by external security researchers, highlighting the importance of collaborative security efforts. Thirteen of these are classified as critical, demanding immediate attention, while two are considered high risk.
Audition received six security updates, with one vulnerability flagged as critical. The DNG Software Development Kit (SDK) saw two critical vulnerabilities resolved, alongside two additional issues deemed high risk. These SDK updates are crucial for developers integrating Adobe technology into their own applications.
InDesign users should also update promptly, as one of the three patched vulnerabilities is critical. Bridge received updates addressing two critical security flaws, and Lightroom Classic had one critical vulnerability resolved. Each update reinforces the overall security posture of these widely used tools.
The Substance 3D suite also received considerable attention. Substance 3D Designer had seven vulnerabilities patched, two of which are critical. Substance 3D Stager addressed five critical vulnerabilities, while Substance 3D Modeler closed one vulnerability classified as high risk. These updates demonstrate Adobe’s commitment to securing its 3D design tools.
Users of affected Adobe products are strongly encouraged to install these updates as soon as possible. Prioritizing these security enhancements is a vital step in protecting creative projects and sensitive data from potential threats.
Here’s a quick reference to vulnerable and secured versions:
After Effects: Versions 25.6 and older are vulnerable, update to 25.6.4 or 26.0. (15 critical vulnerabilities)
Audition: Versions 25.3 and older are vulnerable, update to 25.6 or 26.0. (1 critical vulnerability)
Bridge: Versions 16.0.1 and older are vulnerable, update to 16.0.2. Versions 15.1.3 (LTS) and older are vulnerable, update to 15.1.4 (LTS). (2 critical vulnerabilities)
DNG SDK: Versions 1.7.1 build 2140 and older are vulnerable, update to 1.7.2 build 2410 and older. (4 critical vulnerabilities)
InDesign: Versions ID21.1 and older are vulnerable, update to ID21.2. Versions ID20.5.1 and older are vulnerable, update to ID20.5.2. (3 critical vulnerabilities)
Lightroom Classic: Version 15.1 and older are vulnerable, update to 15.1.1 or 14.5.2 LTS. (1 critical vulnerability)
Substance 3D Designer: Version 15.1.0 and older are vulnerable, update to 15.1.2. (7 critical vulnerabilities)
Substance 3D Modeler: Version 1.22.5 and older are vulnerable, update to 1.22.6. (1 high risk vulnerability)
Substance 3D Stager: Version 3.1.6 and older are vulnerable, update to 3.1.7. (5 critical vulnerabilities)