The bugs were reported in Adobe products like InDesign (and earlier versions for Windows and macOS), InCopy, Illustrator, Bridge, and Animate (and earlier versions for Windows and macOS).
“Multiple vulnerabilities have been reported in Adobe products that could allow an attacker to gain elevated privileges, execute arbitrary code, write arbitrary files to the filesystem, and cause a memory leak on the targeted system,” said CERT-In, which operates under the Ministry of Electronics and Information Technology (MeitY).
These vulnerabilities, according to the national cybersecurity agency, exist in Adobe products due to “incorrect input validation, improper authorization, heap-based buffer overflow, write out of bounds, out of bounds reading and use after free faults”.
An attacker could exploit these vulnerabilities by tricking the victim into opening a specially crafted file or application, the advisory reads.
Successful exploitation of these vulnerabilities could allow an attacker to gain elevated privileges, execute arbitrary code, write arbitrary files to the filesystem, and cause a memory leak on the targeted system.
CERT-In advised users to install the appropriate software updates released as part of Adobe's security updates.
The cybersecurity agency also reported several vulnerabilities in Citrix Application Delivery Management (ADM) products that could allow a remote attacker to cause security bypass and denial of service conditions on targeted systems.
“This vulnerability exists in Citrix ADM due to improper access control. A remote attacker could exploit this vulnerability by sending a specially crafted request to corrupt the system and reset the administrator password on the next device reboot,” according to CERT-In.
Successful exploitation of this vulnerability could allow a remote attacker to bypass security and cause improper access control on an affected device, the agency added.