Adobe Patch Tuesday updates fix code execution issues in Campaign, ColdFusion, and Flash

Adobe Patch Tuesday updates for June 2019 address several critical arbitrary code execution flaws in Flash Player, ColdFusion and Campaign products.

Adobe Patch Tuesday security updates for June 2019 address some critical arbitrary code execution vulnerabilities in Flash Player, ColdFusion and Campaign products.

Adobe fixed critical command injection, file extension blacklist bypass and deserialization vulnerabilities in ColdFusion. The vulnerabilities could lead to arbitrary code execution on vulnerable systems. Below is the list of flaws in ColdFusion fixed by Adobe:

| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
|---|---|---|---|
| File extension blacklist bypass | Arbitrary code execution | Critical (see note below) | CVE-2019-7838 |
| Command Injection | Arbitrary code execution | Critical (see note below) | CVE-2019-7839 |
| Deserialization of untrusted data | Arbitrary code execution | Critical (see note below) | CVE-2019-7840 |

The issues affect ColdFusion 2016, 2018 and 11.

Adobe credited Badcode of Knownsec 404 Team, Moritz Bechler of SySS GmbH, and Brenden Meeder of Booz Allen Hamilton for reporting the flaws.

Adobe also informed users that remote access to the Adobe LiveCycle Data Management feature has been disabled by default due to security risks.

Adobe Patch Tuesday security updates for June 2019 also address a critical use-after-free vulnerability in Flash Player (CVE-2019-7845) that could lead to arbitrary code execution. The flaw was anonymously reported via Trend Micro’s Zero Day Initiative.

“Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address a critical vulnerability in Adobe Flash Player,” reads the security advisory. “Successful exploitation could lead to arbitrary code execution in the context of the current user.”

Finally, Adobe addressed seven types of vulnerabilities in its Campaign product, including information disclosure, arbitrary file read, and code execution issues. The most severe vulnerability, tracked as CVE-2019-7850, is a critical command injection issue that could lead to arbitrary code execution.

Pierluigi Paganini

(SecurityAffairs – Adobe Patch Tuesday, hacking)
