2024-11-22
Platform: Adobe InDesign
Version: (not specified)
Vulnerability: Information Disclosure
Severity: Low
Date: November 22, 2024 (based on today’s date)
What Undercode Says:
A vulnerability (CVE-2024-49529) in Adobe InDesign allows attackers to potentially disclose sensitive information on affected systems. This vulnerability requires user interaction, meaning a target must visit a malicious webpage or open a malicious file.
The specific issue lies within the software’s handling of JP2 image files. An attacker can exploit this by providing specially crafted data that InDesign doesn’t properly validate. This can potentially lead to reading unintended memory locations, potentially revealing sensitive information.
However,
Adobe has released a security update (APSB24-91) that addresses this vulnerability. InDesign users are recommended to update their software as soon as possible.
References:
Reported By: Zerodayinitiative.com
Undercode AI: https://ai.undercodetesting.com
Image Source:
OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.help