In the latest cybersecurity advisory issued on October 16, 2024, the Indian Computer Emergency Response Team highlighted multiple vulnerabilities found in several Adobe software products. CERT-In has classified these discovered vulnerabilities as high threat level as it poses significant risks to users. Government security warns that if these vulnerabilities are exploited by hackers, it could allow them to exploit targeted system vulnerabilities and gain unauthorized access to sensitive data.

According to CERT-In the vulnerabilities identified in Adobe products arise from various technical flaws, including out-of-bounds reads, integer overflow errors, and improper authentication and authorization mechanisms. Such issues create myriad risks, including allowing cyber attackers to execute malicious code, bypass critical security features, read arbitrary files, and provoke memory leaks in targeted systems. This can lead to data breaches, financial losses, and reputational damage.

CERT-In says, “Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security features, read arbitrary files, and cause a memory leak on the target system “

Affected Adobe Software

The vulnerabilities identified by CERT-In span a wide range of Adobe products, primarily affecting users of Adobe FrameMaker, InDesign, InCopy, Lightroom, Animate, and Adobe Commerce. Specific variants at risk include:

• Adobe FrameMaker: 2020 Release Update 6 and earlier; 2022 Release Update 4 and earlier (Windows)
• Adobe InDesign: ID19.4 and earlier; ID18.5.3 and earlier (Windows and macOS)
• Adobe InCopy: version 19.4 and earlier; 18.5.3 and earlier (Windows and macOS)
• Lightroom: 7.4.1 and earlier; Lightroom Classic 13.5 and earlier
• Adobe Animate: 2023 23.0.7 and earlier; 2024 24.0.4 and earlier (Windows and macOS)
• Adobe Commerce: Various versions, including 2.4.7-p2 and earlier, in various B2B and open source versions.

How to protect your system

To protect against these vulnerabilities, CERT-In is urging users to take immediate action and update their software. The most effective defense is to apply the latest patches and updates released by Adobe. Users should consult Adobe security bulletins for specific updates related to their software versions.

Additionally, it is advisable:

–Regularly check and adjust security settings within Adobe products. Enable features that increase security against unauthorized access and file uploads.

–Deploy antivirus software to detect any unusual activity within Adobe applications. Early detection can reduce potential damage to your system in the future.

– Back up important files and data regularly to secure locations. This ensures that even in the event of a cyber attack, critical information can be restored without any significant disruption.