Adobe fixes critical flaws in Magento, patch it immediately

Adobe security updates for August 2021 have addressed critical vulnerabilities in Magento and important bugs in Adobe Connect.

Adobe security updates for August 2021 address a total of 29 flaws, including critical vulnerabilities in Magento and important issues in Adobe Connect:

Multiple critical vulnerabilities could be exploited by attackers to gain arbitrary code execution. Magento has also released updates to fix 26 vulnerabilities, including ten pre-authentication vulnerabilities in Magento that can be exploited by an unauthenticated attacker. A remote attacker could exploit some of these vulnerabilities to gain code execution and take over the e-store.

At the time of this writing experts are not aware of attacks in the wild exploiting the above vulnerabilities, anyway administrators are recommended to update their installs as soon as possible.

Adobe also released an update for Adobe Reader that addresses 26 flaws, most of these are Out-Of-Bounds (OOB) Reads, but there are also some Use-After-Free (UAF), OOB Write, stack exhaustion, and memory corruption bugs addressed.

“One interesting bug being fixed here is CVE-2020-9697, which was found by ZDI Vulnerability Analysis Manager Abdul-Aziz Hariri. The reliable info disclosure leak appears to have existed for more than a decade. We’ll tweet out the proof-of-concept demonstration for this one tomorrow. Yes – the demo is short enough to fit in a tweet.” states the zero-day initiative.

Another interesting issue is a CVE-2020-9712 that could allow attackers to bypass HTML parsing mitigations within Acrobat Pro DC. The flaw could be triggered by an attacker to parse HTML documents remotely from within Acrobat. Adobe also released security fixes for a privilege escalation bug in Adobe Lightroom.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Adobe)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.