U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Security

Adobe fixes flaws in Connect and Reader Mobile

Adobe addressed vulnerabilities in its Reader Mobile and Connect products, none of them is rated as critical severity. Adobe has released security patches to address vulnerabilities in its Reader Mobile and Connect products. “Adobe has published security bulletins for Adobe Connect (APSB20-69) and Adobe Reader Mobile (APSB20-71).  Adobe recommends users update their product installations to […]

Adobe Reader

Adobe addressed vulnerabilities in its Reader Mobile and Connect products, none of them is rated as critical severity.

Adobe has released security patches to address vulnerabilities in its Reader Mobile and Connect products.

“Adobe has published security bulletins for Adobe Connect (APSB20-69) and Adobe Reader Mobile (APSB20-71).  Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin.” reads the security advisory published by the company.

In Connect, Adobe has addressed two important-severity reflected cross-site scripting (XSS) vulnerabilities that could lead arbitrary JavaScript execution in the browser-

Reflected cross-site scriptingArbitrary JavaScript execution in the browserImportantCVE-2020-24442
CVE-2020-24443

The flaws have been reported to Adobe by researchers Saulius Pranckevicius from Danske Bank Red Team (CVE-2020-24442) and Shaun Budding (@pudsec) (CVE-2020-24443).

The software giant addressed the flaw with the release of Connect 11.0.5.

In Adobe Reader Mobile for Android, the company addressed an important-severity improper access control flaw, tracked as CVE-2020-24441, that can lead to the disclosure of sensitive information.

The vulnerability was reported to Adobe by the security researcher Pedro Oliveira (@kanytu).

The good news is that the company is not aware of any attacks in the wild exploiting these vulnerabilities.

In early November, Adobe has addressed 14 vulnerabilities in its Acrobat products, including critical flaws that can be exploited by attackers for arbitrary code execution.

The vulnerabilities impact the Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017, and Acrobat Reader 2017.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Adobe )

[adrotate banner=”5″]

[adrotate banner=”13″]