CVE-2024-43758: 
Adobe Illustrator vulnerability analysis and mitigation

CVE-2024-43758 is a Use After Free (UAF) vulnerability affecting Adobe Illustrator versions 28.6, 27.9.5 and earlier. The vulnerability was disclosed on September 13, 2024, and could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction, specifically opening a malicious file (NVD, CIS Advisory).

The vulnerability is classified as a Use After Free (UAF) issue, which occurs due to unchecked memory usage in Adobe Illustrator. It has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is tracked under CWE-416 (Use After Free) (NVD).

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. Depending on the user's privileges, an attacker could potentially install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer privileges may be less impacted than those with administrative rights (CIS Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update to Illustrator 2023 version 27.9.6 or Illustrator 2024 version 28.7.1. The update is available through the Adobe Download Center (Adobe Advisory).

The vulnerability was discovered and reported by security researcher Francis Provencher (prl) through Adobe's public bug bounty program (Adobe Advisory).