Beware of Malicious Files Opening in Adobe InDesign!

CVECVE-2023-21590
CVSScvssV3_1: 7.8
SourceCVE-2023-21590

Adobe InDesign is a popular desktop publishing and page layout designing software. According to security researchers, versions 18.0 and earlier of Adobe Indesign are affected by a vulnerability that can allow hackers to execute malicious code on users’ computers.

The vulnerability, tracked as CVE-2023-21590, is an out-of-bounds memory write issue. This means hackers can craft special files that when opened in Adobe InDesign, can exploit the bug and overwrite memory locations to run malware code with the user’s privileges.

To exploit targeted users, hackers would need to trick them into opening a boobytrapped InDesign file, usually as an attachment in an email or downloaded from an untrusted source. This vulnerability is rated 7.8 out of 10 on the CVSS scale, making it a serious security risk.

If you are an Adobe InDesign user, you should update your software to the latest version as soon as possible. Be cautious of unsolicited files received over email or messaging apps and only download InDesign files from trusted sources. Following basic cybersecurity practices like keeping your software updated and avoiding suspicious files can help keep hackers at bay.

References