AdobeREUTERS/Dado Ruvic/Illustration

Adobe Products are at high risk of cyber attack says govt, here is what you need to do

The Indian government's latest advisory warns users of significant vulnerabilities in Adobe products that could be exploited by cyber attackers.

by · India Today

In Short

  • CERT-In issues high risk warning for various Adobe software
  • The risk is posed due to multiple vulnerabilities
  • If exploited, these could pose significant risks to the targeted system

In the latest cyber safety advisory issued on October 16, 2024, the Indian Computer Emergency Response Team highlighted multiple vulnerabilities found in several Adobe software products. CERT-In has categorised these discovered vulnerabilities as high threat level as it poses significant risks to users. The government’s security warns that if these vulgarities are exploited by hackers, then it could allow them to exploit targeted system weaknesses and gain unauthorised access to sensitive data.

According to CERT-In the vulnerabilities identified in Adobe products stem from various technical flaws, including out-of-bounds reads, integer overflow errors, and improper authentication and authorization mechanisms. Such issues pose a myriad of risks, including allowing cyber attackers to execute malicious code, bypass critical security features, read arbitrary files, and instigate memory leaks in the targeted system. This could further lead to data breaches, financial losses, and reputational damage.

“Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security features, read arbitrary files and cause memory leaks on the target system,” says CERT-In.

Affected Adobe software

The identified vulnerabilities by CERT-In span a broad range of Adobe products, primarily affecting users of Adobe FrameMaker, InDesign, InCopy, Lightroom, Animate, and Adobe Commerce. Specific versions at risk include:

  • Adobe FrameMaker: 2020 Release Update 6 and earlier; 2022 Release Update 4 and earlier (Windows)
  • Adobe InDesign: ID19.4 and earlier; ID18.5.3 and earlier (Windows and macOS)
  • Adobe InCopy: 19.4 and earlier; 18.5.3 and earlier (Windows and macOS)
  • Lightroom: 7.4.1 and earlier; Lightroom Classic 13.5 and earlier
  • Adobe Animate: 2023 23.0.7 and earlier; 2024 24.0.4 and earlier (Windows and macOS)
  • Adobe Commerce: Various versions including 2.4.7-p2 and earlier across different B2B and Open Source editions.

How to protect your system

To safeguard against these vulnerabilities, CERT-In is urging users to take immediate action and Update their Softwares. This is the most effective defence to apply the latest patches and updates released by Adobe. Users should consult the Adobe Security Bulletin for specific updates relevant to their software versions.

Additionally, it is advisable to:

-- Regularly check and adjust security settings within Adobe products. Enable features that enhance protection against unauthorised access and file uploads.

-- Deploy antivirus software to detect any unusual activity within Adobe applications. Early detection can minimising potential damage to your systems in future.

-- Regularly backup important files and data to secure locations. This ensures that even in the event of a cyber attack, critical information can be restored without significant disruption.

Meta fires 24 employees for using company food vouchers to buy household groceries like tea and tapeMeta has terminated 24 employees from Los Angeles for misusing meal vouchers to purchase household items like tea, tape, detergent and more.Divya Bhati, 17 Oct 2024New iPad Mini vs iPad Mini 2021: 5 big upgradesApple has unveiled the iPad Mini 7th generation, bringing substantial upgrades like the A17 Pro chip and Apple Intelligence, expanded storage options and more over the 2021 model.Divya Bhati, 17 Oct 2024