CERT-In has issued a high-risk alert for users of Adobe Premiere Pro, InDesign, and Bridge due to multiple security vulnerabilities. Users are urged to update their software immediately to avoid potential threats.
The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk alert for users of Adobe Premiere Pro and other Adobe products. According to CERT-In's latest report, several Adobe software versions have multiple vulnerabilities that pose significant security threats. The affected products include Adobe Premiere Pro, Adobe InDesign, and Adobe Bridge.
CERT-In has classified these vulnerabilities as "HIGH" severity and urges users to update their software immediately. If left unaddressed, these flaws could allow attackers to exploit systems, leading to memory leaks, arbitrary code execution, data breaches, system crashes, and unauthorized access to sensitive information.
The vulnerabilities stem from several underlying issues. One major problem is Integer Overflow or Wraparound, which occurs when an arithmetic operation exceeds the maximum size of the integer type, causing unexpected behavior or crashes. Another issue is Heap-based Buffer Overflow, where data exceeds the buffer's capacity in heap memory, potentially allowing attackers to execute arbitrary code. Out-of-bounds Write and Read vulnerabilities occur when software reads or writes data beyond the allocated memory boundaries, leading to data corruption, crashes, or code execution. Lastly, Untrusted Search Path arises when software searches for resources in untrusted directories, which can be exploited to execute malicious code.
The affected Adobe products include:
-Adobe Premiere Pro: Versions before 24.4.1 and 23.6.5 for both Windows and macOS.
-Adobe InDesign: Versions before ID19.3 and ID18.5.2 for both Windows and macOS.
-Adobe Bridge: Versions before 13.0.7 and 14.1 for both Windows and macOS.
To stay safe, users should apply the latest updates provided by Adobe for the affected products. Keeping software up-to-date is crucial in protecting systems from known vulnerabilities. Users should regularly check for updates and patches to address newly discovered vulnerabilities. It’s also essential to download software and updates only from official Adobe websites or trusted sources to avoid downloading compromised or malicious versions.
Additional security measures, such as firewalls, antivirus software, and intrusion detection systems, provide an extra layer of protection against potential attacks. Regularly backing up important data is also vital to minimize the impact of a potential security breach or system failure.