Cyber Security News

Multiple Critical Adobe Security Flaws Let Attackers Execute Arbitrary Code

Adobe addressed critical security issues in ColdFusion and InDesign. Users should install the security updates immediately to keep their systems protected.

Stay informed and prioritize security maintenance to address potential threats.

Attackers can exploit the vulnerabilities to execute arbitrary code, cause memory leaks, and bypass security features.

Adobe ColdFusion | APSB23-40

ColdFusion, developed by Adobe, is a platform for creating and deploying web and mobile applications.

Adobe released updates for ColdFusion versions 2023, 2021, and 2018 to resolve Improper Access Control and Deserialization of Untrusted Data vulnerabilities.

The flaws in ColdFusion can allow an attacker to execute arbitrary code and bypass security features.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Improper Access Control (CWE-284) | Security feature bypass | Critical | CVE-2023-29298 |
| Deserialization of Untrusted Data (CWE-502) | Arbitrary code execution | Critical | CVE-2023-29300 |
| Improper Restriction of Excessive Authentication Attempts (CWE-307) | Security feature bypass | Important | CVE-2023-29301 |

Affected versions

| Product | Update number |
|---|---|
| ColdFusion 2018 | Update 16 and earlier versions |
| ColdFusion 2021 | Update 6 and earlier versions |
| ColdFusion 2023 | GA Release (2023.0.0.330468) |

Fixed Version

| Product | Updated Version |
|---|---|
| ColdFusion 2018 | Update 17 |
| ColdFusion 2021 | Update 7 |
| ColdFusion 2023 | Update 1 |

Adobe InDesign | APSB23-38

InDesign by Adobe is a tool for producing digital media like flyers, posters, stationery, slideshows, and other materials.

Update Adobe InDesign to protect against security vulnerabilities that can be exploited by attackers to execute arbitrary code and cause memory leaks.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Out-of-bounds Write (CWE-787) | Arbitrary code execution | Critical | CVE-2023-29308 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29309 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29310 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29311 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29312 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29313 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29314 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29315 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29316 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29317 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29318 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29319 |

Affected Versions

| Product | Affected version | Platform |
|---|---|---|
| Adobe InDesign | ID18.3 and earlier versions | Windows and macOS |
| Adobe InDesign | ID17.4.1 and earlier versions | Windows and macOS |

Patched Versions

| Product | Updated version | Platform | Priority rating |
|---|---|---|---|
| Adobe InDesign | ID18.4 | Windows and macOS | 3 |
| Adobe InDesign | ID17.4.2 | Windows and macOS | 3 |

Adobe released further details about the flaws and credited the security researchers who reported the vulnerabilities.

Guru

Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.
