Adobe has released security updates to address vulnerabilities affecting ColdFusion and InDesign. An attacker can exploit some of these vulnerabilities to take control of an affected system.

Affected Systems

The following systems are affected versions:

• Adobe InDesign ID18.3 and earlier version: for both Windows and macOS.

• Adobe InDesign ID17.4.1 and earlier version: for both Windows and macOS.

• ColdFusion 2018 update 16 and earlier versions: for all platform.

• ColdFusion 2021 Update 6 and earlier versions: for all platform.

• ColdFusion 2023 GA Release (2023.0.0.330468): for all platform.

Security Risks

Exploitation of vulnerabilities in Adobe ColdFusion and InDesign poses significant security risks that can grant attackers unauthorized control over affected systems. Mitigate this risk by promptly applying Adobe's security updates. Neglecting to do so exposes your systems to potential exploitation, compromising their integrity and security.

Recommended Actions

The National Cyber Security Authority (NCSA) strongly recommends to system administrators to:

1. Follow Adobe Security Advisories to lower the risk of potential exploits, protect systems, and ensure their security.

2. Apply the required and latest security updates as soon as possible.

     The released software version to upgrade to are:

• Adobe InDesign versions ID18.4: for Windows and macOS.

• Adobe InDesign versions ID17.4.2 : for Windows and macOS.

• ColdFusion 2018 versions 17: for all platform.

• ColdFusion 2021 versions 7 : for all platform.

• ColdFusion version 2023,0,01,330480 : for all platform.

3. Before any update task, please ensure you have a recent backup that can easily be restored.

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us on 9009.

References

• https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html

• https://helpx.adobe.com/security/products/indesign/apsb23-38.html