Adobe has released a small security update to resolve vulnerabilities in Connect and Reader Mobile.
The tech giant’s standard monthly security release included two advisories; one relating to the Adobe Connect remote conferencing and collaboration tool, and the other to Reader Mobile, a mobile version of the firm’s .PDF document reader and manager.
The first advisory details CVE-2020-24442 and CVE-2020-24443, two reflected cross-site scripting (XSS) issues in Connect. The bugs, considered “important,” can be exploited to execute arbitrary JavaScript code in a browser.
See also: Adobe to buy marketing software firm Workfront for $1.5 billion
Adobe’s second security bulletin reveals a fix for CVE-2020-24441, an “important” bug in Reader that relates to improper access control. If exploited by an attacker, this vulnerability can lead to information disclosure.
CNET: Ex-Microsoft engineer gets 9-year prison sentence for fraud scheme
Adobe thanked researchers Pedro Oliveira, Saulius Pranckevicius, and Shaun Budding for reporting these security issues privately.
Last month, Adobe resolved a single vulnerability in its standard monthly update, a critical code execution issue found in Flash.
The company also released two out-of-band releases in October to fix critical security flaws in software including Magento, Photoshop, Illustrator, and InDesign. (1,2)
TechRepublic: DDoS attacks: How to combat the latest tactics
In related news, Microsoft’s Patch Tuesday security release tackled 112 vulnerabilities, including 24 remote code execution (RCE) bugs and a zero-day flaw currently being exploited in the wild.
On November 9, Adobe announced the purchase of Workfront for $1.5 billion. The marketing firm’s content delivery and analytics solutions are destined to join Adobe’s Experience Cloud platform.
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0
