Pierluigi Paganini
November 10, 2020
Adobe has released security patches to address vulnerabilities in its Reader Mobile and Connect products.
“Adobe has published security bulletins for Adobe Connect (APSB20-69) and Adobe Reader Mobile (APSB20-71). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin.” reads the security advisory published by the company.
In Connect, Adobe has addressed two important-severity reflected cross-site scripting (XSS) vulnerabilities that could lead arbitrary JavaScript execution in the browser-
| Reflected cross-site scripting | Arbitrary JavaScript execution in the browser | Important | CVE-2020-24442 CVE-2020-24443 |
The flaws have been reported to Adobe by researchers Saulius Pranckevicius from Danske Bank Red Team (CVE-2020-24442) and Shaun Budding (@pudsec) (CVE-2020-24443).
The software giant addressed the flaw with the release of Connect 11.0.5.
In Adobe Reader Mobile for Android, the company addressed an important-severity improper access control flaw, tracked as CVE-2020-24441, that can lead to the disclosure of sensitive information.
The vulnerability was reported to Adobe by the security researcher Pedro Oliveira (@kanytu).
The good news is that the company is not aware of any attacks in the wild exploiting these vulnerabilities.
In early November, Adobe has addressed 14 vulnerabilities in its Acrobat products, including critical flaws that can be exploited by attackers for arbitrary code execution.
The vulnerabilities impact the Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017, and Acrobat Reader 2017.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Adobe )
[adrotate banner=”5″]
[adrotate banner=”13″]
