Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Adobe issued security updates for 47 vulnerabilities in Acrobat DC and Reader

On Monday, Adobe issued security updates for 47 vulnerabilities in the Windows and macOS versions of Acrobat DC (Consumer and Classic 2015), Acrobat Reader DC (Consumer and Classic 2015), Acrobat 2017, and Acrobat Reader 2017. Many vulnerabilities are ranked as critical and could be exploited for arbitrary code execution. “Adobe has released security updates for Adobe Acrobat […]

Adobe Reader

On Monday, Adobe issued security updates for 47 vulnerabilities in the Windows and macOS versions of Acrobat DC (Consumer and Classic 2015), Acrobat Reader DC (Consumer and Classic 2015), Acrobat 2017, and Acrobat Reader 2017.

Many vulnerabilities are ranked as critical and could be exploited for arbitrary code execution.

“Adobe has released security updates for Adobe Acrobat and Reader for Windows and MacOS. These updates address critical vulnerabilities whose successful exploitation could lead to arbitrary code execution in the context of the current user.” reads the security advisory published by Adobe.

Many of the security vulnerabilities were reported to Adobe through Trend Micro’s Zero Day Initiative (ZDI).

Adobe addressed the vulnerabilities with the release of versions 2018.011.20040, 2017.011.30080 and 2015.006.30418.

The vulnerabilities include 24 critical memory corruptions that could be exploited to execute arbitrary in the context of the targeted user and many other issues  such as Security Bypass and NTLM SSO hash theft ranked as “important.”

Adobe has credited independent researchers and experts from Cisco Talos, Check Point, Palo Alto Networks, Tencent, Knownsec 404 Security Team, ESET, Kaspersky, Cybellum, and Cure53 for the vulnerabilities in Acrobat and Reader releases.

Adobe announced the end of support for Acrobat and Reader 11.x on October 15, 2017, and that version 11.0.23 is the final release for these products.

Adobe has also released security updates to fix a flaw in the Windows and macOS versions of Photoshop CC.

“Adobe has released updates for Photoshop CC for Windows and macOS. These updates resolve a criticalvulnerability in Photoshop CC 19.1.3 and earlier 19.x versions, as well as 18.1.3 and earlier 18.x versions. Successful exploitation could lead to arbitrary code execution in the context of the current user.” reads the security advisory.

Adobe Flash player

A few days ago, Adobe has released security updates to address several vulnerabilities in its products, including Flash Player, Creative Cloud and Connect products.

The security updates also address a Critical Code Execution vulnerability in Flash Player tracked as CVE-2018-4944. The flaw is a critical type confusion that could be exploited to execute arbitrary code, the good news is that Adobe has rated the flaw with a rating of “2” because the company considers not imminent the development of exploit code.

 

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Adobe, cyber security)

[adrotate banner=”5″]

[adrotate banner=”13″]