Adobe has released critical security updates for February, addressing a total of 44 vulnerabilities across nine of its creative applications. Of these, 27 are classified as critical, with the majority concentrated in After Effects, which alone required patches for 15 flaws—13 of them rated as critical.

The updates also cover Lightroom Classic, InDesign, Audition, Bridge, and the Substance 3D suite, including Designer, Modeler, and Stager. While Adobe has not identified any active exploits targeting these vulnerabilities, the company advises users to apply the patches as soon as possible to reduce exposure.

Despite the absence of reported attacks, the sheer number of critical flaws—particularly in After Effects—suggests that these issues could be leveraged in future campaigns. Adobe has assigned a priority level of 3 (the lowest) to all updates, indicating that while immediate action is not mandatory, delaying patches increases risk.

Adobe patches 44 vulnerabilities across creative apps—most critical flaws fixed in After Effects

Key updates by product

  • After Effects: 15 vulnerabilities fixed, including 13 critical. Affected versions: 25.6 and earlier. Updated versions: 25.6.4 or 26.0.
  • Lightroom Classic: 1 critical vulnerability patched. Affected versions: 15.1 and earlier. Updated versions: 15.1.1 or 14.5.2 (LTS).
  • InDesign: 3 vulnerabilities fixed, 1 critical. Affected versions: ID 21.1 and earlier or ID 20.5.1 and earlier. Updated versions: ID 21.2 or ID 20.5.2.
  • Substance 3D: Multiple critical flaws in Designer (7 total, 2 critical) and Stager (5 total, all critical). Modeler received 1 high-risk patch.

Adobe’s security bulletins for these updates are available through standard update channels. Users can verify their installed versions via the application’s Help > System Info menu and apply updates through the built-in updater.

While Adobe’s patches are the primary defense, maintaining additional security measures—such as antivirus software and network monitoring—remains advisable for users handling sensitive projects. The company has not provided further details on potential attack vectors, but the fixes align with recent trends of memory corruption and input validation flaws in creative software.