Security Affairs
Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Adobe Patch Tuesday security updates fixed multiple critical issues in the company’s products

Adobe addressed tens of vulnerabilities, including critical issues that could allow attackers to execute arbitrary code on Windows and macOS. Adobe Patch Tuesday security updates addressed multiple vulnerabilities in its products, including critical flaws that could allow attackers to execute arbitrary code on Windows and macOS systems. The most severe vulnerabilities are two critical memory […]

Adobe Adobe ColdFusion flaw CVE-2026-48282

Adobe addressed tens of vulnerabilities, including critical issues that could allow attackers to execute arbitrary code on Windows and macOS.

Adobe Patch Tuesday security updates addressed multiple vulnerabilities in its products, including critical flaws that could allow attackers to execute arbitrary code on Windows and macOS systems.

The most severe vulnerabilities are two critical memory corruption flaws in Acrobat and PDF Reader, tracked as CVE-2024-41869 (CVSS score of 7.8) and CVE-2024-45112 (CVSS score of 8.6).

The vulnerability CVE-2024-41869 is a Use After Free issue while the flaw CVE-2024-45112 is a Type Confusion’ bug. An attacker can exploit these vulnerabilities for arbitrary code execution.

Vulnerability CategoryVulnerability ImpactSeverityCVSS base scoreCVSS vectorCVE Number
Use After Free (CWE-416)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-41869
 
Access of Resource Using Incompatible Type (‘Type Confusion’) (CWE-843)Arbitrary code executionCritical8.6CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HCVE-2024-45112

CVE-2024-45112 was reported by an anonymous researcher and the researcher Haifei Li of EXPMON and Check Point Research reported the flaw CVE-2024-41869.

The company also fixed the following critical flaws in Photoshop

Vulnerability CategoryVulnerability ImpactSeverityCVSS base score CVSS vectorCVE Number
Heap-based Buffer Overflow (CWE-122)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-43756
Out-of-bounds Write (CWE-787)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-43760
Out-of-bounds Write (CWE-787)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-45108
Out-of-bounds Write (CWE-787)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-45109
Out-of-bounds Read (CWE-125)Memory leakImportant5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NCVE-2024-45110

and in the Illustrator software

Vulnerability CategoryVulnerability ImpactSeverityCVSS base score CVSS vectorCVE Numbers
Integer Underflow (Wrap or Wraparound) (CWE-191)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-41857
Integer Overflow or Wraparound (CWE-190)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-34121
Improper Input Validation (CWE-20)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-41856
Out-of-bounds Write (CWE-787)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-45114
Use After Free (CWE-416)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-43758
Out-of-bounds Read (CWE-125)Memory leakImportant5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NCVE-2024-45111
NULL Pointer Dereference (CWE-476)Application denial-of-serviceModerate3.3CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LCVE-2024-43759

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Adobe)