in

Adobe releases new security fixes for Connect, Reader Mobile

Adobe has released a small security update to resolve vulnerabilities in Connect and Reader Mobile. 

The tech giant’s standard monthly security release included two advisories; one relating to the Adobe Connect remote conferencing and collaboration tool, and the other to Reader Mobile, a mobile version of the firm’s .PDF document reader and manager. 

The first advisory details CVE-2020-24442 and CVE-2020-24443, two reflected cross-site scripting (XSS) issues in Connect. The bugs, considered “important,” can be exploited to execute arbitrary JavaScript code in a browser. 

See also: Adobe to buy marketing software firm Workfront for $1.5 billion

Adobe’s second security bulletin reveals a fix for CVE-2020-24441, an “important” bug in Reader that relates to improper access control. If exploited by an attacker, this vulnerability can lead to information disclosure. 

CNET: Ex-Microsoft engineer gets 9-year prison sentence for fraud scheme

Adobe thanked researchers Pedro Oliveira, Saulius Pranckevicius, and Shaun Budding for reporting these security issues privately. 

Last month, Adobe resolved a single vulnerability in its standard monthly update, a critical code execution issue found in Flash.

The company also released two out-of-band releases in October to fix critical security flaws in software including Magento, Photoshop, Illustrator, and InDesign. (1,2)

TechRepublic: DDoS attacks: How to combat the latest tactics

In related news, Microsoft’s Patch Tuesday security release tackled 112 vulnerabilities, including 24 remote code execution (RCE) bugs and a zero-day flaw currently being exploited in the wild. 

On November 9, Adobe announced the purchase of Workfront for $1.5 billion. The marketing firm’s content delivery and analytics solutions are destined to join Adobe’s Experience Cloud platform. 

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0



Source: Information Technologies - zdnet.com

Facebook link preview feature used as a proxy in website-scraping scheme

5G's mmWave enterprise revolution derailed by COVID-19