CERT-In flags high-risk vulnerabilities in GitHub, Red Hat, Apple and Adobe products
Advisory warns of remote code execution, data theft and system compromise; developers, enterprises and end-users urged to urgently patch affected software.
ADVERTISEMENT
India’s cybersecurity watchdog CERT-In has issued a series of high-severity vulnerability advisories flagging serious security flaws across widely used products from GitHub, Red Hat, Apple and Adobe, warning that attackers could exploit them to execute arbitrary code, bypass security controls and compromise systems.
The advisories, issued on December 15 and 16, highlight risks spanning developer tools, enterprise servers, consumer operating systems and creative software, underscoring the expanding attack surface across both corporate and personal digital environments.
GitHub Copilot plugin exposed to code execution risk
In one of the most critical alerts, CERT-In warned of a high-risk remote code execution vulnerability in the GitHub Copilot plugin for JetBrains IDEs. According to the advisory, improper neutralisation of special characters during command execution could allow a local attacker to run arbitrary commands on a developer’s machine.
MeitY via CERT-In issues security alert for Chrome users on Windows and macOS
The impact could extend beyond individual workstations, potentially enabling credential theft, unauthorised code changes and lateral movement into connected repositories or build systems. CERT-In has urged developers and organisations using the plugin to apply updates released by Microsoft to address CVE-2025-64671.
Red Hat JBoss flaws threaten enterprise servers
CERT-In also flagged multiple high-severity vulnerabilities in Red Hat JBoss Enterprise Web Server across RHEL 7, 8 and 9. The flaws stem from improper URL normalisation, weaknesses in HTTP/2 stream handling and poor neutralisation of escape sequences.
If exploited through specially crafted requests, the vulnerabilities could allow remote attackers to bypass security restrictions, trigger denial-of-service conditions or execute arbitrary code—posing a significant risk to large enterprises running mission-critical Java-based applications. Red Hat has issued patches via its security errata.
Apple users face wide-ranging security risks
A separate advisory covered multiple vulnerabilities across Apple’s ecosystem, including iOS, iPadOS, macOS, watchOS, tvOS, visionOS and Safari, affecting versions prior to recent security updates.
Centre seeks answers from Apple after new wave of spyware alerts hits Indian users
CERT-In warned that these flaws could lead to sensitive information disclosure, elevation of privileges, memory corruption and security restriction bypasses. The affected devices include recent iPhones, iPads and Macs, raising concerns about malware propagation, data theft and system crashes if updates are delayed.
Adobe vulnerabilities rated ‘critical’
The most extensive advisory related to critical vulnerabilities in Adobe products, including Acrobat, Reader, Creative Cloud Desktop, ColdFusion and Adobe Experience Manager.
CERT-In noted that weaknesses such as improper input validation, deserialisation of untrusted data, insufficient credential protection and buffer overflows could allow attackers to gain elevated privileges, execute arbitrary code or disrupt services. The advisory applies to both Windows and macOS environments and affects enterprise deployments as well as individual users.
Adobe has released multiple security bulletins addressing the issues, and CERT-In has strongly recommended immediate patching.
The latest advisories reinforce concerns among cybersecurity experts about the increasing complexity of modern software stacks and the speed at which vulnerabilities can be weaponised. Developer tools, cloud-connected applications and widely deployed consumer platforms are now prime targets for attackers seeking scalable entry points.
CERT-In flags ‘high severity’ vulnerabilities in Zoom and Microsoft Edge; requests urgent updates
CERT-In has urged organisations, developers and individual users to prioritise updates, restrict exposure where possible and monitor systems for signs of compromise, warning that delayed remediation could result in significant operational and data security risks.
