U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Adobe Patch Tuesday updates for April 2019 address 43 flaws in its products

Adobe Patch Tuesday updates for April 2019 address a total of 43 vulnerabilities affecting the eight products of the company. Adobe’s Patch Tuesday updates for April 2019 address a total of 43 vulnerabilities affecting the Acrobat and Reader, Flash Player, Shockwave Player, Dreamweaver, XD, InDesign, Experience Manager Forms, and Bridge CC products. “Adobe has published […]

Adobe Reader

Adobe Patch Tuesday updates for April 2019 address a total of 43 vulnerabilities affecting the eight products of the company.

Adobe’s Patch Tuesday updates for April 2019 address a total of 43 vulnerabilities affecting the Acrobat and Reader, Flash Player, Shockwave Player, Dreamweaver, XD, InDesign, Experience Manager Forms, and Bridge CC products.

“Adobe has published security bulletins for Adobe Acrobat and Reader (APSB19-17), Adobe Flash Player (APSB19-19), Adobe Shockwave player (APSB19-20), Adobe Dreamweaver (APSB19-21), Adobe XD (APSB19-22), Adobe InDesign (APSB19-23) ,Adobe Experience Manager Forms (APSB19-24) and Adobe Bridge CC (APSB19-25).” reads the security advisory published by Adobe.

“Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.”

Adobe Patch Tuesday

Adobe addressed tens of flaws in Windows and macOS versions of Acrobat and Reader software, including critical memory corruption bugs that can be exploited for arbitrary code execution.

“Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS.” reads the advisory published by Adobe.

“These updates address critical and important vulnerabilities.  Successful exploitation could lead to arbitrary code execution in the context of the current user. ”

Adobe released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS, that address a critical and an important vulnerability in Adobe Flash Player. An attacker could exploitation the issue to get  arbitrary code execution in the context of the current user. 

Adobe also fixed critical memory corruption issues in Shockwave Player for Windows that can lead to arbitrary code execution and eight flaws Bridge CC digital asset management app.

“This update resolves multiple critical memory corruption vulnerabilities that could lead to arbitrary code execution in the context of the current user. 

Two of the flaws allow arbitrary code execution and have been rated “critical,” while the others can result in information disclosure and they have been rated “important.” Francis Provencher and Matt Powell reported these flaws to the company through Trend Micro’s Zero Day Initiative (ZDI).” reads the advisory published by Adobe.

The company also addressed a critical arbitrary code execution vulnerability in InDesign that results from the unsafe hyperlink processing.

Adobe confirmed that there is no evidence that any of these flaws have been exploited in attacks in the wild.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Adobe, Adobe Patch Tuesday)

[adrotate banner=”5″]

[adrotate banner=”13″]