CERT-In Issues Security Warning For Adobe Products
According to CERT-In’s warning, multiple vulnerabilities have been reported in Adobe products that could let attackers gain elevated privileges, execute arbitrary code, write arbitrary files on the file system and even cause memory leak on the targeted system.
The newly discovered vulnerabilities affect multiple Adobe products, including InDesign, InCopy, Illustrator, Bridge, Animate, and RoboHelp server. You can check the exact versions of the software affected below:
Adobe InDesign 17.2.1 and earlier versions for Windows and macOSAdobe InDesign 16.4.1 and earlier versions for Windows and macOSAdobe InCopy 17.2 and earlier version for Windows and macOSAdobe InCopy 16.4.1 and earlier version for Windows and macOSIllustrator 2022 26.0.2 and earlier versions for Windows and macOSIllustrator 2021 25.4.5 and earlier versions for Windows and macOSAdobe Bridge 12.0.1 and earlier versions for Windows and macOSAdobe Animate 22.0.5 and earlier versions for Windows and macOSRoboHelp Server RHS 11 (Update 3) and earlier versions for Windows
“These vulnerabilities exist in Adobe products due to improper Input Validation, improper authorization, heap-based buffer overflow, out-of-bounds Write, out-of-bounds read and use after free flaws,” explains the warning.
“An attacker could exploit these vulnerabilities by persuading the victim to open a specially crafted file or application. Successful exploitation of these vulnerabilities could allow an attacker to gain elevated privileges, execute arbitrary code, write arbitrary files on the file system and cause memory leak on the targeted system,” the warning note added.
The advisory urges affected users to visit Adobe’s security bulletin page and install the relevant updates to prevent the attack. If you’re someone who uses Adobe products, you can check the security bulletin from here and update to the latest available version to stay safe.