Indian government has issued a high severity warning for users of Adobe softwares in the country. The Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology has now issued an alert for Adobe services users in India. As per CERT-In, multiple vulnerabilities have been discovered in various Adobe products which could be exploited by an attacker to execute arbitrary code, gain elevated privileges, bypass security features, read arbitrary files and cause memory leaks on the target system.
Also read: Android 15 roll out begins: Compatible devices, new features, and more
Why Adobe users are at risk
As per CERT-In, multiple vulnerabilities exist in Adobe products due to out-of-bounds read, out-of-bounds write, untrusted search path, unrestricted upload of file with dangerous type, integer overflow or wraparound, integer underflow (wrap or wraparound), use after free errors, heap-based buffer overflow, write-what-where condition, stack-based buffer overflow, information exposure, improper authentication, improper authorisation, improper access control, server-side request forgery (SSRF), time-of-check time-of-use (TOCTOU) race condition and cross-site scripting issues.
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security features, read arbitrary files and cause memory leaks on the target system.
Also read: iPhone SE 4 launch soon: Why it may be a big push for Apple Intelligence
How users can stay safe
To avoid any swindling, Adobe users need to apply appropriate updates as mentioned in Adobe security bulletin.
Adobe products with vulnerabilities
• Adobe FrameMaker 2020 Release Update 6 and earlier for Windows
• Adobe FrameMaker 2022 Release Update 4 and earlier for Windows
• Adobe Substance 3D Stager 3.0.3 and earlier versions for Windows and macOS
• Adobe InDesign ID19.4 and earlier version for Windows and macoS
• Adobe InDesign ID18.5.3 and earlier version for Windows and macos
• Adobe InCopy 19.4 and earlier versions for Windows and macOS
• Adobe InCopy 18.5.3 and earlier versions for Windows and macoS
• Lightroom 7.4.1 and¿earlieriversionsie
• Lightroom Classic 13.5 and earlier versions
• Lightroom Classic (LTS) 12.5.1 and earlier versions
• Adobe Animate 2023 23.0.7 and earlier versions for Windows and macOS
• Adobe Animate 2024 24.0.4 and earlier versions for Windows and macOS
• Adobe Dimension 4.0.3 and earlier versions for Windows and macOS
• Adobe Commerce 2.4.7-p2 and earlier versions
• Adobe Commerce 2.4.6-7 and earlier versions
• Adobe Commerce 2.4.5-p9 and earlier versions
• Adobe Commerce 2.4.4-p10 and earlier versions
• Adobe Commerce B2B 1.4.2-p2 and earlier versions
• Adobe Commerce B2B 1.3.5-p7 and earlier versions
• Adobe Commerce B2B 1.3.4-p9 and earlier versions
• Adobe Commerce B2B 1.3.3-p10 and earlier versions
• Adobe Commerce B2B between 1.3.3 – 1.4.2 and earlier versions
• Magento Open Source 2.4.7-p2 and earlier versions
• Magento Open Source 2.4.6-7 and earlier versions
• Magento Open Source 2.4.5-p9 and earlier versions
• Magento Open Source 2.4.4-p10 and earlier versions
• Adobe Substance 3D Painter 10.0.1 and earlier versions
