The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk warning to users of Adobe Premiere Pro and other Adobe products. According to CERT-In's most recent Vulnerability Note, CIVN-2024-0213, multiple vulnerabilities have been discovered in various Adobe software versions, posing severe security threats to users. Adobe Premiere Pro, Adobe InDesign and Adobe Bridge are among the affected products.
CERT-In has rated the detected vulnerabilities as ‘HIGH’ severity and advised users to take urgent action to secure their computers, including applying software updates. If this is not done, attackers can use the vulnerabilities to cause memory leaks and execute arbitrary code on the target computers. Such exploits have serious repercussions, including data breaches, system breakdowns and unauthorised access to critical information.
According to CERT-In, the vulnerabilities found in Adobe products are the result of a number of fundamental flaws. An integer overflow or wraparound happens when the result of an arithmetic operation exceeds the maximum value of the integer type used to store it, causing unexpected behaviour or crashes. A heap-based buffer overflow occurs when data is written past the end of a buffer in heap memory, possibly allowing attackers to run arbitrary code. Out-of-bounds write and read vulnerabilities arise when software writes or reads data outside its allotted memory boundaries, resulting in data corruption, crashes or code execution. An untrusted search path vulnerability occurs when software searches for resources in untrusted directories, which can be abused to execute malicious code.
These vulnerabilities impact the following versions of Adobe products:
Versions of Adobe Premiere Pro prior to 24.4.1 for Windows and macOS, as well as 23.6.5 for Windows and macOS.
Versions of Adobe InDesign prior to ID19.3 for Windows and macOS, as well as ID18.5.2 for Windows and macOS.
Versions of Adobe Bridge prior to 13.0.7 for Windows and macOS, as well as 14.1 for Windows and macOS.
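As an added example (not part of the CERT-In note or any Adobe tooling), the version thresholds above can be turned into a triage check over a software inventory. It assumes each fixed version applies to installs on the same major release branch; the host names and inventory entries are constructed.

```python
import re

# Fixed versions per release branch, taken from the advisory text above.
# Assumption: each threshold applies to installs on the same major version.
FIXED = {
    "Adobe Premiere Pro": {24: (24, 4, 1), 23: (23, 6, 5)},
    "Adobe InDesign": {19: (19, 3), 18: (18, 5, 2)},
    "Adobe Bridge": {14: (14, 1), 13: (13, 0, 7)},
}

# Constructed sample inventory: (host, product, installed version).
INVENTORY = [
    ("edit-ws-01", "Adobe Premiere Pro", "24.4.1"),
    ("edit-ws-02", "Adobe Premiere Pro", "23.6.4"),
    ("dtp-ws-01", "Adobe InDesign", "ID19.2.1"),
    ("dtp-ws-02", "Adobe InDesign", "18.5.2"),
    ("dam-ws-01", "Adobe Bridge", "14.0.4"),
    ("dam-ws-02", "Adobe Bridge", "unknown"),
]

def parse_version(text):
    """Turn '24.4.1' or 'ID19.3' into a tuple of ints; None if unparseable."""
    m = re.fullmatch(r"(?:ID)?(\d+(?:\.\d+)*)", text.strip(), re.IGNORECASE)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def assess(product, version_text):
    """Return 'patched', 'vulnerable' or 'review' for one inventory entry."""
    branches = FIXED.get(product)
    version = parse_version(version_text)
    if branches is None or version is None:
        return "review"  # product not in the advisory, or malformed version
    fixed = branches.get(version[0])
    if fixed is None:
        # Newer branch than any listed: past the fixes. Older branch: below
        # every listed fixed version, with no fixed build listed for it.
        return "patched" if version[0] > max(branches) else "vulnerable"
    width = max(len(version), len(fixed))
    installed = version + (0,) * (width - len(version))  # 19.3 == 19.3.0
    required = fixed + (0,) * (width - len(fixed))
    return "patched" if installed >= required else "vulnerable"

def triage(inventory):
    """Map each host to its status."""
    return {host: assess(product, ver) for host, product, ver in inventory}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

Entries marked `review` need a manual check, since the installed version could not be compared against the advisory.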
To reduce the risks associated with these vulnerabilities, CERT-In recommends users take the following actions:
Apply the latest updates provided by Adobe for the affected products.
Ensure that all software applications are regularly checked for updates and patches to address newly discovered vulnerabilities.
Only download software and updates from official Adobe websites or trusted sources.
Employ additional security measures such as firewalls and antivirus software.