Adobe security updates for August 2021 address a total of 29 flaws, including critical vulnerabilities in Magento and important issues in Adobe Connect.
Multiple critical vulnerabilities could be exploited by attackers to gain arbitrary code execution. Magento has also released updates to fix 26 vulnerabilities, ten of which are pre-authentication issues that can be exploited by an unauthenticated attacker. A remote attacker could exploit some of these vulnerabilities to gain code execution and take over the e-store.
At the time of writing, experts are not aware of attacks in the wild exploiting the above vulnerabilities; nevertheless, administrators are advised to update their installs as soon as possible.
Adobe also released an update for Adobe Reader that addresses 26 flaws. Most of these are Out-Of-Bounds (OOB) Reads, but the update also addresses some Use-After-Free (UAF), OOB Write, stack exhaustion, and memory corruption bugs.
“One interesting bug being fixed here is CVE-2020-9697, which was found by ZDI Vulnerability Analysis Manager Abdul-Aziz Hariri. The reliable info disclosure leak appears to have existed for more than a decade. We’ll tweet out the proof-of-concept demonstration for this one tomorrow. Yes – the demo is short enough to fit in a tweet.” states the Zero Day Initiative.
Another interesting issue is CVE-2020-9712, which could allow attackers to bypass HTML parsing mitigations within Acrobat Pro DC. An attacker could trigger the flaw to parse HTML documents remotely from within Acrobat. Adobe also released security fixes for a privilege escalation bug in Adobe Lightroom.
(SecurityAffairs – hacking, Adobe)