In the latest cyber safety advisory issued 16 October 2024, the Indian Computer Emergency Response Team highlighted multiple vulnerabilities found in several Adobe software products. (Computer Emergency Response Team) CERT-In has categorized these discovered vulnerabilities as high threat level as it poses significant risks to users. The government’s security warns that if these vulgarities are exploited by hackers, then it could allow them to exploit targeted system weaknesses and gain unauthorized access to sensitive data.
According to CERT-In the vulnerabilities identified in Adobe products stem from various technical flaws, including out-of-bounds reads, integer overflow errors, and improper authentication and authorization mechanisms. Such issues pose a myriad of risks, including allowing cyber attackers to execute malicious code, bypass critical security features, read arbitrary files, and instigate memory leaks in the targeted system. This could further lead to data breaches, financial losses, and reputational damage.
“Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security features, read arbitrary files and cause memory leaks on the target system,” says CERT-In.
The identified vulnerabilities by CERT-In span a broad range of Adobe products, primarily affecting users of Adobe FrameMaker, InDesign, InCopy, Lightroom, Animate, and Adobe Commerce. Specific versions at risk include:
Adobe FrameMaker: 2020 Release Update 6 and earlier; 2022 Release Update 4 and earlier (Windows)
Adobe InDesign: ID19.4 and earlier; ID18.5.3 and earlier (Windows and macOS)
Adobe InCopy: 19.4 and earlier; 18.5.3 and earlier (Windows and macOS)
Lightroom: 7.4.1 and earlier; Lightroom Classic 13.5 and earlier
Adobe Animate: 2023 23.0.7 and earlier; 2024 24.0.4 and earlier (Windows and macOS)
Adobe Commerce: Various versions including 2.4.7-p2 and earlier across different B2B and Open Source editions.
To safeguard against these vulnerabilities, CERT-In is urging users to take immediate action and Update their Software’s. This is the most effective defense to apply the latest patches and updates released by Adobe. Users should consult the Adobe Security Bulletin for specific updates relevant to their software versions.
Additionally, it is advisable to:
— Regularly check and adjust security settings within Adobe products. Enable features that enhance protection against unauthorized access and file uploads.
— Deploy antivirus software to detect any unusual activity within Adobe applications. Early detection can minimizing potential damage to your systems in future.
— Regularly backup important files and data to secure locations. This ensures that even in the event of a cyber attack, critical information can be restored without significant disruption.
