Adobe vulnerabilities could help hackers: India issues warning

The Indian Computer Emergency Response Team (CERT-In) has issued an advisory over multiple vulnerabilities in Adobe products that could help hackers attack computer systems.
Adobe products like InDesign (along with earlier versions for Windows and macOS), InCopy, Illustrator, Bridge and Animate (and earlier versions for Windows and macOS) have bugs.

“Multiple vulnerabilities have been reported in Adobe products which could allow an attacker to gain elevated privileges, execute arbitrary code, write arbitrary files on the file system and cause memory leak on the targeted system,” CERT-In, which comes under the Ministry of Electronics and Information Technology (MeitY), said.

According to the national cyber-security agency, these vulnerabilities exist in Adobe products due to improper input validation, improper authorisation, heap-based buffer overflow, out-of-bounds write, out-of-bounds read and use-after-free flaws.

An attacker could exploit these vulnerabilities by persuading the victim to open a specially crafted file or application.

Exploitation of these vulnerabilities could allow an attacker to gain elevated privileges, execute arbitrary code, write arbitrary files on the file system and cause a memory leak on the targeted system.

CERT-In advised users to install appropriate software updates as part of the Adobe security updates.

The cyber-security agency also reported multiple vulnerabilities in Citrix Application Delivery Management (ADM) products which could allow a remote attacker to cause security bypass and denial of service conditions on the targeted systems.

CERT-In said this vulnerability exists in Citrix ADM due to improper access control. A remote attacker could exploit this vulnerability by sending a specially crafted request to corrupt the system and reset the administrator password at the next device reboot.

Exploitation of this vulnerability could allow a remote attacker to bypass security and cause improper access control on an affected device.