SC Media > Home > Patch Management > Adobe releases update to patch critical flaws that could leave networks, data vulnerable

Successful exploitation could lead to arbitrary code execution in the context of the current user, the company warned.  

“While only a few are marked critical, even less critical vulnerabilities are targeted and exploited to gain access to a system, which in this case, would allow an attacker to run malicious Javascript on a victim’s machine,” commented Richard Melick, Automox senior technical product manager.

The patches for InDesign (CVE-2020-9727, CVE-2020-9728, CVE-2020-9729, CVE-2020-9730, CVE-2020-9731) and Framemaker (CVE-2020-9726, CVE-2020-9725) will close the door on any attacker that might attempt to run a malicious script or program acting as the logged-in user, Melick added.

The impact of any exploitation of these vulnerabilities, no matter their criticality, could open any organization up to the release of private information, easy lateral movement through a network, or the hijacking of critical information all due to the heavy use of these tools in marketing and its unfettered access to critical information, Melick added.

Adobe categorizes these updates with the following priority ratings and recommends users update their installation via the Creative Cloud desktop app updater, or by navigating to the InDesign Help menu and clicking “Updates.”

The software company rated the Adobe Experience Manager (AEM) vulnerabilities as “critical” and “important,” highlighting the following flaws:CVE-2020-9732, CVE-2020-9733, CVE-2020-9734, CVE-2020-9735, CVE-2020-9736, CVE-2020-9737, CVE-2020-9738, CVE-2020-9740, CVE-2020-9741, CVE-2020-9742, CVE-2020-9743.

Adobe thanked an anonymous researcher working with the Trend Micro Zero Day Initiative on the Framemaker flaw and Kexu Wang of Fortinet’s FortiGuard Labs regarding InDesign for reporting relevant issues and for working with Adobe to help protect its customers.

Source: https://www.scmagazine.com/home/patch-management/adobe-patches-for-critical-flaws-should-be-applied-right-away/

Vulnerability, Patch, Common Vulnerabilities and Exposures, Adobe

World news – GB – Adobe releases update to patch critical flaws that could leave networks, data vulnerable | SC Media

En s’appuyant sur ses expertises dans les domaines du digital, des technologies et des process , CSS Engineering vous accompagne dans vos chantiers de transformation les plus ambitieux et vous aide à faire émerger de nouvelles idées, de nouvelles offres, de nouveaux modes de collaboration, de nouvelles manières de produire et de vendre.

CSS Engineering s’implique dans les projets de chaque client comme si c’était les siens. Nous croyons qu’une société de conseil devrait être plus que d’un conseiller. Nous nous mettons à la place de nos clients, pour aligner nos incitations à leurs objectifs, et collaborer pour débloquer le plein potentiel de leur entreprise. Cela établit des relations profondes et agréables.

Nos services:

  1. Création des sites web professionnels
  2. Hébergement web haute performance et illimité
  3. Vente et installation des caméras de vidéo surveillance
  4. Vente et installation des système de sécurité et d’alarme
  5. E-Marketing

Toutes nos réalisations ici https://www.css-engineering.com/en/works/

LEAVE A REPLY

Please enter your comment!
Please enter your name here