Adobe releases new security fixes for Connect, Reader Mobile

Adobe releases new security fixes for Connect, Reader Mobile
Spread the love

Adobe has released a small security update to resolve vulnerabilities in Connect and Reader Mobile. 

The tech giant’s standard monthly security release included two advisories; one relating to the Adobe Connect remote conferencing and collaboration tool, and the other to Reader Mobile, a mobile version of the firm’s .PDF document reader and manager. 

The first advisory details CVE-2020-24442 and CVE-2020-24443, two reflected cross-site scripting (XSS) issues in Connect. The bugs, considered “important,” can be exploited to execute arbitrary JavaScript code in a browser. 

See also: Adobe to buy marketing software firm Workfront for $1.5 billion

Adobe’s second security bulletin reveals a fix for CVE-2020-24441, an “important” bug in Reader that relates to improper access control. If exploited by an attacker, this vulnerability can lead to information disclosure. 

CNET: Ex-Microsoft engineer gets 9-year prison sentence for fraud scheme

Adobe thanked researchers Pedro Oliveira, Saulius Pranckevicius, and Shaun Budding for reporting these security issues privately. 

Last month, Adobe resolved a single vulnerability in its standard monthly update, a critical code execution issue found in Flash.

The company also released two out-of-band releases in October to fix critical security flaws in software including Magento, Photoshop, Illustrator, and InDesign. (1,2)

TechRepublic: DDoS attacks: How to combat the latest tactics

In related news, Microsoft’s Patch Tuesday security release tackled 112 vulnerabilities, including 24 remote code execution (RCE) bugs and a zero-day flaw currently being exploited in the wild. 

On November 9, Adobe announced the purchase of Workfront for $1.5 billion. The marketing firm’s content delivery and analytics solutions are destined to join Adobe’s Experience Cloud platform. 

READ  How to make sure your ‘AI for good’ project actually does good

Previous and related coverage

  • Adobe releases another out-of-band patch, squashing critical bugs across creative software

  • Adobe kills Flash in Acrobat and Reader – pushes out these critical security bug fixes

  • Adobe patches Magento bugs that lead to code execution, customer list tampering

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Spread the love

Leave a Reply

Your email address will not be published. Required fields are marked *