The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk warning for users of Adobe Premiere Pro and other Adobe products. According to CERT-In’s latest vulnerability note CIVN-2024-0213, multiple vulnerabilities have been found in several software versions of Adobe, posing a significant security risk to users. The affected products include Adobe Premiere Pro, Adobe InDesign, and Adobe Bridge.

CERT-In has classified the identified vulnerabilities as “high” severity and urged users to take immediate action to protect their systems, including updating their software. If this is not done, the vulnerabilities could be exploited by attackers to cause memory leaks and execute arbitrary code on the targeted system. Such exploitation could lead to serious consequences, including data breaches, system crashes, and unauthorized access to sensitive information.

What causes these vulnerabilities?

According to CERT-In, the vulnerabilities identified in Adobe products arise from multiple underlying issues:

Integer overflow or wraparound: This type of vulnerability occurs when an arithmetic operation exceeds the maximum size of the integer type used to store the value, resulting in unexpected behavior or a crash.

Heap-based buffer overflow: This occurs when the data exceeds the capacity of the buffer in the heap memory, allowing attackers to execute arbitrary code.

Write and read out of range: These vulnerabilities arise when software reads or writes data beyond allocated memory boundaries, resulting in data corruption, crashes, or interruption of code execution.

Unreliable search paths: This vulnerability arises when software searches for resources in directories that are not trusted, which can be used to execute malicious code.

List of affected Adobe software

The following versions of Adobe products are affected by these vulnerabilities:

Adobe Premiere Pro:
– Versions prior to 24.4.1 for Windows and macOS
– Versions prior to 23.6.5 for Windows and macOS

Adobe InDesign:
– Versions prior to ID19.3 for Windows and macOS
– Versions prior to ID18.5.2 for Windows and macOS

Adobe Bridge:
– Versions prior to 13.0.7 for Windows and macOS
– Versions prior to 14.1 for Windows and macOS

How to stay safe?

To mitigate the risks associated with these vulnerabilities, CERT-In recommends users to take the following steps:

• Apply the latest updates provided by Adobe for affected products. Keeping software up to date is important to protect systems from known vulnerabilities.
• Ensure that all software applications are regularly checked for updates and patches to address newly discovered vulnerabilities.
• Download software and updates only from official Adobe websites or trusted sources to avoid the risk of downloading compromised or malicious versions.
• Adopt additional security measures such as firewalls, antivirus software, and intrusion detection systems to provide an additional layer of protection against potential attacks.
• Back up important data regularly to minimize the impact of a potential security breach or system failure.