430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Take note, next week update Adobe Reader and Acrobat to fix critical flaws

Adobe announced that it will release security updates next week to patch vulnerabilities in Acrobat and Reader products for Windows and Mac. Adobe has announced yesterday, March 8, that it will release security updates next week to patch vulnerabilities in Acrobat and Reader products for Windows and Mac. We are speaking about critical vulnerabilities that fortunately are currently […]

Take note, next week update Adobe Reader and Acrobat to fix critical flaws

Adobe announced that it will release security updates next week to patch vulnerabilities in Acrobat and Reader products for Windows and Mac.

Adobe has announced yesterday, March 8, that it will release security updates next week to patch vulnerabilities in Acrobat and Reader products for Windows and Mac.

We are speaking about critical vulnerabilities that fortunately are currently not exploited in the wild, for this reason, the security team at Adobe has assigned a priority rating “2” to the vulnerabilities explaining that it’s unlikely that they will be abused by malicious actors in the near future.

Adobe has issued a prenotification advisory to explain which product versions are affected by the security vulnerabilities and anticipating the imminent release of security patches.

“Adobe is planning to release security updates on Tuesday, March 8, 2016 for Adobe Acrobat and Reader for Windows and Macintosh.” states the advisory “Users may monitor the latest information on the Adobe Product Security Incident Response Team (PSIRT) blog at https://blogs.adobe.com/psirt.”

In the following table are reported the affected versions and the priority rate assigned by Adobe:

Adobe Acrobat and Reader vulnerabilities

Adobe Acrobat and Reader are among the software most targeted by hackers in numerous attacks in the wild, the company is spending a significant effort in promptly fixing any reported security hole.

In January, Adobe released Acrobat and Reader updates to fix a total of 17 flaws, including use-after-free vulnerabilities (CVE-2016-0932, CVE-2016-0934, CVE-2016-0937, CVE-2016-0940, CVE-2016-0941), a double-free flaw (CVE-2016-0935) that could lead to code execution,  and several memory corruption vulnerabilities that can be exploited for arbitrary code execution (CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, CVE-2016-0946).

Users are invited to update their software as soon as the security patches become available.

According to data provided by the CVE Details Adobe software are among the software with the highest number of vulnerabilities in 2015.

The data were provided by CVE Details, which manages data coming from the National Vulnerability Database (NVD). Common Vulnerabilities and Exposures (CVE) system tracks publicly disclosed security vulnerabilities.

The software with the major number of vulnerabilities is the Apple Mac OS X, that accounted for 384 vulnerabilities, followed by Apple iOS with 375 vulnerabilities. The Adobe Flash Player is just at third place with  314 vulnerabilities, followed by Adobe AIR SDK, with 246 vulnerabilities and Adobe AIR itself, also with 246 vulnerabilities.

Last year, Adobe patched a total of 460 vulnerabilities, including more than 100 in Acrobat and Reader.

Pierluigi Paganini

(Security Affairs – Adobe Acrobat, cybersecurity )