CERT-In Issues High-Risk Warning for Adobe Premiere Pro and Other Adobe Products

The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk warning for users of Adobe Premiere Pro and other Adobe products. According to CERT-In's latest Vulnerability Note CIVN-2024-0213, multiple vulnerabilities have been identified in several Adobe software versions, posing significant security risks to users. The affected products include Adobe Premiere Pro, Adobe InDesign, and Adobe Bridge.

Severity and Immediate Action

CERT-In has classified these vulnerabilities as "HIGH" severity and urges users to take immediate action to protect their systems by updating their software. If left unaddressed, these vulnerabilities could be exploited by attackers to cause memory leaks and execute arbitrary code on targeted systems, leading to severe consequences such as data breaches, system crashes, and unauthorized access to sensitive information.

Causes of the Vulnerabilities

According to CERT-In, the identified vulnerabilities in Adobe products stem from several underlying issues:

• Integer Overflow or Wraparound: This occurs when an arithmetic operation exceeds the maximum size of the integer type used to store the value, leading to unexpected behavior or crashes.

• Heap-based Buffer Overflow: This happens when data exceeds the buffer's capacity in the heap memory, potentially allowing attackers to execute arbitrary code.

• Out-of-bounds Write and Read: These vulnerabilities occur when software reads or writes data beyond the allocated memory boundaries, leading to data corruption, crashes, or code execution.

• Untrusted Search Path: This vulnerability arises when software searches for resources in directories that are not trusted, which can be exploited to execute malicious code.

List of Affected Adobe Software

The following versions of Adobe products are affected by these vulnerabilities:

• Adobe Premiere Pro:

  • Versions prior to 24.4.1 for Windows and macOS
  • Versions prior to 23.6.5 for Windows and macOS

• Adobe InDesign:

  • Versions prior to ID19.3 for Windows and macOS
  • Versions prior to ID18.5.2 for Windows and macOS

• Adobe Bridge:

  • Versions prior to 13.0.7 for Windows and macOS
  • Versions prior to 14.1 for Windows and macOS

Steps to Stay Safe

To mitigate the risks associated with these vulnerabilities, CERT-In recommends the following actions:

• Apply Latest Updates: Ensure you apply the latest updates provided by Adobe for the affected products. Keeping software up-to-date is crucial in protecting systems from known vulnerabilities.

• Regular Software Checks: Regularly check for updates and patches to address newly discovered vulnerabilities in all software applications.

• Trusted Sources: Only download software and updates from official Adobe websites or trusted sources to avoid the risk of downloading compromised or malicious versions.

• Additional Security Measures: Use additional security measures such as firewalls, antivirus software, and intrusion detection systems to provide an extra layer of protection against potential attacks.

• Regular Data Backups: Regularly back up important data to minimize the impact of a potential security breach or system failure.

Conclusion

These high-risk vulnerabilities underscore the importance of maintaining up-to-date software and employing robust security practices. By following CERT-In's recommendations, users can protect their systems from these critical threats and ensure a secure computing environment.