
Adobe fixes critical flaws in Magento, patch it immediately

Adobe security updates for August 2021 have addressed critical vulnerabilities in Magento and important bugs in Adobe Connect.

Adobe security updates for August 2021 address a total of 29 flaws, including critical vulnerabilities in Magento and important issues in Adobe Connect:

APSB21-64 Security updates available for Magento

APSB21-66 Security update available for Adobe Connect

Multiple critical vulnerabilities could be exploited by attackers to gain arbitrary code execution. Magento has also released updates to fix 26 vulnerabilities, including ten pre-authentication vulnerabilities in Magento that can be exploited by an unauthenticated attacker. A remote attacker could exploit some of these vulnerabilities to gain code execution and take over the e-store.

At the time of this writing, experts are not aware of attacks in the wild exploiting the above vulnerabilities; nevertheless, administrators are advised to update their installs as soon as possible.

Adobe also released an update for Adobe Reader that addresses 26 flaws; most of these are Out-Of-Bounds (OOB) Reads, but the update also addresses some Use-After-Free (UAF), OOB Write, stack exhaustion, and memory corruption bugs.

“One interesting bug being fixed here is CVE-2020-9697, which was found by ZDI Vulnerability Analysis Manager Abdul-Aziz Hariri. The reliable info disclosure leak appears to have existed for more than a decade. We’ll tweet out the proof-of-concept demonstration for this one tomorrow. Yes – the demo is short enough to fit in a tweet.” states the Zero Day Initiative.

Another interesting issue is CVE-2020-9712, which could allow attackers to bypass HTML parsing mitigations within Acrobat Pro DC. The flaw could be triggered by an attacker to parse HTML documents remotely from within Acrobat. Adobe also released security fixes for a privilege escalation bug in Adobe Lightroom.


Pierluigi Paganini

(SecurityAffairs – hacking, Adobe)
