Adobe Creative Cloud Users Beware of New File Path Manipulation Vulnerability

CVECVE-2023-26358
CVSScvssV3_1: 8.6
SourceCVE-2023-26358

Adobe Creative Cloud, a popular suite of design and creativity tools, has been found to have a vulnerability that could allow attackers to execute malicious code on affected systems.

The issue, tracked as CVE-2023-26358, is an “Untrusted Search Path” vulnerability that exists in Creative Cloud version 5.9.1 and earlier. This means that the software uses external locations to find programs and files it needs to run, without properly verifying the contents.

Attackers could exploit this by modifying the search path to point to a file or program they control. Then, when the Creative Cloud application goes to launch a needed file, it could end up executing the malicious code instead. This grants the attacker potential access to sensitive data or full control of the affected computer.

To carry out such an attack, the victim would need to be tricked into opening a specially crafted file or visiting a compromised website. But once exploited, the consequences could be serious.

The best way to protect yourself is to ensure you have the latest version of Creative Cloud installed. Adobe has likely addressed this issue in newer releases. It’s also wise to be cautious about opening files from untrusted sources or websites until patches are widely deployed. Staying on top of software updates is one of the best defenses against vulnerabilities like this one.

References