U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Adobe fixes over a dozen flaws in Media Encoder, Download Manager

Adobe has addressed over a dozen flaws in its Creative Cloud, Media Encoder, Genuine Service, ColdFusion and Download Manager products. Adobe has addressed over a dozen vulnerabilities in its Creative Cloud, Media Encoder, Genuine Service, ColdFusion, and Download Manager products. “Adobe has published security bulletins for Adobe Creative Cloud Desktop Application (APSB20-33), Adobe Media Encoder (APSB20-36), […]

Adobe Reader

Adobe has addressed over a dozen flaws in its Creative Cloud, Media Encoder, Genuine Service, ColdFusion and Download Manager products.

Adobe has addressed over a dozen vulnerabilities in its Creative Cloud, Media Encoder, Genuine Service, ColdFusion, and Download Manager products.

“Adobe has published security bulletins for Adobe Creative Cloud Desktop Application (APSB20-33), Adobe Media Encoder (APSB20-36), Adobe Genuine Service (APSB20-42), Adobe ColdFusion (APSB20-43) and Adobe Download Manager (APSB20-49).” reads the post published by Adobe. “Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.”

Adobe has released a security update for the Adobe Download Manager for Windows that addresses a critical vulnerability, tracked as CVE-2020-9688, that could lead to arbitrary code execution.   

Adobe addresses critical and important vulnerabilities in Creative Cloud Desktop Application for Windows. The exploitation of the flaws could lead to arbitrary file system write and privilege escalation in the context of the current user.        

Below the vulnerability details:Vulnerability Details

Vulnerability CategoryVulnerability ImpactSeverityCVE Numbers
Lack of Exploit MitigationsPrivilege escalationImportant CVE-2020-9669
Insecure File permissionsPrivilege escalationImportantCVE-2020-9671  
Symlink vulnerabilityPrivilege escalationImportantCVE-2020-9670
Symlink vulnerabilityArbitrary file system writeCriticalCVE-2020-9682

Adobe also fixes two critical out-of-bounds write and an important out-of-bound read vulnerability in Adobe Media Encoder that could lead to arbitrary code execution and information disclosure respectively in the context of the current user.  

Below the list of vulnerability:

Vulnerability CategoryVulnerability ImpactSeverityCVE Numbers
Out-of-Bounds ReadInformation Disclosure      ImportantCVE-2020-9649
Out-of-bounds WriteArbitrary Code Execution CriticalCVE-2020-9650CVE-2020-9646

Adobe also addresses security updates for ColdFusion versions 2016 and 2018. 

“Adobe has released security updates for ColdFusion versions 2016 and 2018. These updates resolve multiple important vulnerabilities that could lead to privilege escalation.” states the advisory.

Finally, in ColdFusion 2016 and 2018, Adobe patched two important DLL hijacking vulnerabilities that can lead to privilege escalation.

Below the list of the issues patched by the company:

Vulnerability CategoryVulnerability ImpactSeverityCVE Numbers
DLL search-order hijacking Privilege escalation ImportantCVE-2020-9672CVE-2020-9673

The good news is that Adobe is not aware of any attacks in the wild exploiting these vulnerabilities.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Adobe)

[adrotate banner=”5″]

[adrotate banner=”13″]