Indian cyber agency alerts users of multiple bugs in Adobe products


New Delhi, Jun 16 (IANS): The Indian Computer Emergency Response Team (CERT-In) on Thursday issued an advisory over multiple vulnerabilities in Adobe products that could help hackers infiltrate into computer systems.

The bugs were reported in Adobe products like InDesign (along with earlier versions for Windows and macOS), InCopy, Illustrator, Bridge and Animate (and earlier versions for Windows and macOS).

"Multiple vulnerabilities have been reported in Adobe products which could allow an attacker to gain elevated privileges, execute arbitrary code, write arbitrary files on the file system and cause memory leak on the targeted system," said CERT-In which comes under the Ministry of Electronics and Information Technology (MeitY).

These vulnerabilities, according to the national cyber-security agency, exist in Adobe products due to "improper Input Validation, improper authorisation, heap-based buffer overflow, out-of-bounds Write, out-of-bounds read and use after free flaws".

An attacker could exploit these vulnerabilities by persuading the victim to open a specially crafted file or application, the advisory read.

Successful exploitation of these vulnerabilities could allow an attacker to gain elevated privileges, execute arbitrary code, write arbitrary files on the file system and cause memory leak on the targeted system.

CERT-In advised users to install appropriate software updates as part of the Adobe security updates.

The cyber-security agency also reported multiple vulnerabilities in Citrix Application Delivery Management (ADM) products which could allow a remote attacker to cause security bypass and denial of service conditions on the targeted systems.

"This vulnerability exists in Citrix ADM due to improper access control. A remote attacker could exploit this vulnerability by sending a specially-crafted request to corrupt the system and reset the administrator password at the next device reboot," according to CERT-In.

Successful exploitation of this vulnerability could allow a remote attacker to bypass security and cause improper access control on an affected device, the agency added.

 

  

Top Stories


Leave a Comment

Title: Indian cyber agency alerts users of multiple bugs in Adobe products



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.