430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Do you use Adobe Flash Player? You should update it now!

Adobe released new versions of Flash Player and Connect web conferencing software to fix important and critical vulnerabilities. According to the security advisory published by Adobe for Flash Player, the new version 26.0.0.137 patches three critical vulnerabilities, including a remote code execution flaw tracked as CVE-2017-3099 that can be exploited by attackers to take full control of affected systems. […]

Adobe Reader

Adobe released new versions of Flash Player and Connect web conferencing software to fix important and critical vulnerabilities.

According to the security advisory published by Adobe for Flash Player, the new version 26.0.0.137 patches three critical vulnerabilities, including a remote code execution flaw tracked as CVE-2017-3099 that can be exploited by attackers to take full control of affected systems.

Adobe also the following important vulnerabilities:

  • Security Bypass issue tracked as CVE-2017-3080 that could result in information disclosure.
  • Memory Corruption tracked as CVE-2017-3100 that could result in Memory address disclosure.

Adobe credited Jihui Lu of Tencent KeenLab for finding the CVE-2017-3099 and the researchers “bo13oy” from Trend Micro’s Zero Day Initiative for the CVE-2017-3100 flaw.

Adobe released new versions of Flash Player and Connect web conferencing software to fix important and critical vulnerabilities.

Adobe also patched three flaws in the Connect web conferencing software, the flaw affects the user interface and can be exploited for clickjacking attacks (CVE-2017-3101) and reflected and stored XSS attacks (CVE-2017-3102, CVE-2017-3103).

“Adobe has released a security update for Adobe Connect for Windows. This update resolves two input validation vulnerabilities (CVE-2017-3102, CVE-2017-3103) that could be used in reflected and stored cross-site scripting attacks, respectively.  This update also includes a mitigation to protect users from UI redressing (or clickjacking) attacks (CVE-2017-3101).” reads the security advisory issued by Adobe.

Adobe credited Anas Roubi, Adam Willard of Raytheon Foreground Security, and Alexis Laborier for finding the issues, the company issued the release version 9.6.2 that fixed the problems.

Adobe declared that it is not aware of any attacks exploiting these vulnerabilities, but highlighted that details of the CVE-2017-3080 Flash Player flaw were publicly disclosed on July 3.

[adrotate banner=”9″]

Pierluigi Paganini 

(Security Affairs – Adobe, hacking)

[adrotate banner=”13″]