Adobe addresses ‘Important’ Flaws in Connect, Digital Editions


Adobe’s Patch Tuesday security updates for January 2019 fix two flaws rated as “important” in the Connect and Digital Editions products.

Adobe’s Patch Tuesday security updates for January 2019 fix two “important” vulnerabilities in the Connect and Digital Editions ebook reader products.

The first flaw, tracked as CVE-2018-19718, is a session token exposure issue that affects the Adobe Connect web conferencing software. The vulnerability could lead to the exposure of privileges granted to a session; it affects Adobe Connect version 9.8.1 and earlier on all platforms.

The second flaw, tracked as CVE-2018-12817, is an out-of-bounds read bug that affects the Digital Editions ebook reader software. The flaw can result in the disclosure of information in the context of the current user; it affects Adobe Digital Editions version 4.5.9 and earlier on Windows, macOS, iOS and Android platforms. The vulnerability was reported by Jaanus Kääp of Clarified Security.

The good news is that Adobe is not aware of attacks in the wild exploiting the two flaws, and experts believe that the likelihood of their exploitation is very low. Both flaws were rated as important and received a priority rating of 3.

On January 3, Adobe released security updates that address two critical vulnerabilities in the Acrobat and Reader products, a use-after-free issue and a security bypass flaw.

The flaws affect the latest versions of Acrobat DC, Acrobat Reader DC, Acrobat 2017 and Acrobat Reader DC 2017 for Windows and macOS.


Pierluigi Paganini

(SecurityAffairs – Adobe, Connect)
