The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk alert for users of Adobe Premiere Pro and other Adobe products. CERT-In’s latest report highlights multiple vulnerabilities across several Adobe software versions, including Adobe Premiere Pro, Adobe InDesign, and Adobe Bridge, that pose significant security risks.
Key Details:
CERT-In has classified these vulnerabilities as “HIGH” severity and urges users to update their software immediately. Failure to address these issues could allow attackers to exploit systems, leading to memory leaks, arbitrary code execution, data breaches, system crashes, and unauthorized access to sensitive information.
Vulnerabilities Identified:
– Integer Overflow or Wraparound: This issue occurs when an arithmetic operation exceeds the integer type’s maximum size, potentially causing crashes or unexpected behavior.
– Heap-based Buffer Overflow: This vulnerability arises when data exceeds the buffer’s capacity in heap memory, potentially enabling attackers to execute arbitrary code.
– Out-of-bounds Write and Read: These vulnerabilities occur when software reads or writes data beyond allocated memory boundaries, leading to data corruption, crashes, or code execution.
– Untrusted Search Path: This issue arises when software searches for resources in untrusted directories, which can be exploited to execute malicious code.
Affected Adobe Products:
– Adobe Premiere Pro: Versions before 24.4.1 and 23.6.5 for both Windows and macOS.
– Adobe InDesign: Versions before ID19.3 and ID18.5.2 for both Windows and macOS.
– Adobe Bridge: Versions before 13.0.7 and 14.1 for both Windows and macOS.
Recommended Actions:
To protect against these vulnerabilities, users should promptly apply the latest updates from Adobe for the affected products. Regularly checking for updates and patches is essential to safeguard systems from known security threats. Ensure that software and updates are downloaded only from official Adobe websites or trusted sources to avoid compromised or malicious versions.
Additional security measures, such as firewalls, antivirus software, and intrusion detection systems, can provide extra protection against potential attacks. Regularly backing up important data is also crucial to minimize the impact of a potential security breach or system failure.