Adobe App At High Risk: The Indian Computer Emergency Response Team under the IT Ministry has issued a new warning for Adobe App users. This high severity warning is for users of Adobe After Effects and Adobe Creative Cloud.
According to the warning, an out-of-bounds write issue has been reported in Adobe After Effects, which can be used by remote attackers to insert an arbitrary code with reference to existing users.
The warning also mentions that an uncontrolled search path element issue has been reported in the Adobe Creative Cloud desktop app that can be exploited by remote attackers. This warning is for users who are using Adobe After Effects 22.1.1 and earlier versions and Adobe Creative Cloud desktop app 2.7.0.12 and earlier versions.
As per the IT Ministry’s warning, the problem with Adobe After Effects is caused by an out-of-bounds writing problem. A remote attacker can take advantage of this by creating a specially designed file and then tricking the user to open it using the affected software. Successful exploitation of this vulnerability can allow a remote attacker to insert arbitrary code in the context of the current one.
When it comes to Adobe Creative Cloud desktop applications, a vulnerability exists because of a problem with the uncontrolled search path element.
A remote attacker can take advantage of this vulnerability by creating a specially made .dil file on a remote SMB file share and then tricking the user to run the installer file from a remote share. This allows a remote attacker to insert an arbitrary code with reference to the current user.
To avoid this, users should update Adobe apps on their devices. The official website of the Indian Computer Emergency Response Team has a link that can guide the users to the updated pages of the above-mentioned apps.