adobe:  If you use these Adobe apps, you may be under ‘high’ risk - Times of India

adobe: If you use these Adobe apps, you may be under ‘high’ risk – Times of India

[ad_1]

The Indian Computer Emergency Response Team under the IT ministry has issued a new warning for Adobe apps users. The high severity warning is for users of Adobe After Effects and Adobe Creative Cloud. As per the warning, an out-of-bounds write issue has been reported in Adobe After Effects which could be exploited by a remote attacker to execute arbitrary code in the context of the current users. The warning also mentions that an Uncontrolled Search Path Element issue has been reported in Adobe Creative Cloud desktop app which could be exploited by a remote attacker. The warning is for users who are using Adobe After Effects 22.1.1 and earlier versions, and Adobe Creative Cloud desktop app 2.7.0.12 and earlier versions.
According to the warning, the vulnerability in Adobe After Effects exists due to an Out-of-bounds write issue. A remote attacker could exploit this vulnerability by creating a specially crafted file and then tricking the victim into opening it using the affected software. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code in the context of the current.
When it comes to Adobe Creative Cloud Desktop Application, the vulnerability exists due to an issue in Uncontrolled Search Path Element. A remote attacker could exploit this vulnerability by creating a specially crafted .dil file on a remote SMB file share and then tricking the victim into running the installer file from a remote share. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code in the context of the current user
To avoid the exploitation, users should update the Adobe apps on their devices. The Indian Computer Emergency Response Team’s official website has links that can guide you to the update pages for the above mentioned apps.



[ad_2]

Source link

Leave a Comment

Your email address will not be published.