The Indian Computer Emergency Response Team (CERT-In) issued a warning on Thursday about multiple vulnerabilities in Adobe products that could allow hackers to get access to computers.
InDesign (together with prior versions for Windows and macOS), InCopy, Illustrator, Bridge, and Animate were also affected (and earlier versions for Windows and macOS).
“Multiple vulnerabilities have been reported in Adobe products which could allow an attacker to gain elevated privileges, execute arbitrary code, write arbitrary files on the file system and cause a memory leak on the targeted system,” said CERT-In which comes under the Ministry of Electronics and Information Technology (MeitY).
According to the national cyber-security agency, Adobe products contain these flaws “improper Input Validation, improper authorisation, heap-based buffer overflow, out-of-bounds write, out-of-bounds read and use after free flaws”.
According to CERT-In, users should update their software as part of the Adobe security fixes.
An attacker could exploit these loopholes, according to the recommendation, by enticing a victim to open a specially prepared file or application. If these vulnerabilities are successfully exploited, an attacker might gain elevated privileges, execute arbitrary code, write arbitrary files to the file system, and create a memory leak on the targeted machine.
The cyber-security agency also discovered other vulnerabilities in Citrix Application Delivery Management (ADM) solutions, which might allow a remote attacker to bypass protection and cause denial of service conditions on the targeted systems.
“This vulnerability exists in Citrix ADM due to improper access control. A remote attacker could exploit this vulnerability by sending a specially-crafted request to corrupt the system and reset the administrator password at the next device reboot,” according to CERT-In.
If this vulnerability is effectively exploited, a remote attacker could bypass security and create erroneous access control on an affected device, according to the authorities.