SC Media > Home > Patch Management > Adobe releases update to patch critical flaws that could leave networks, data vulnerable

Successful exploitation could lead to arbitrary code execution in the context of the current user, the company warned.  

“While only a few are marked critical, even less critical vulnerabilities are targeted and exploited to gain access to a system, which in this case, would allow an attacker to run malicious Javascript on a victim’s machine,” commented Richard Melick, Automox senior technical product manager.

The patches for InDesign (CVE-2020-9727, CVE-2020-9728, CVE-2020-9729, CVE-2020-9730, CVE-2020-9731) and Framemaker (CVE-2020-9726, CVE-2020-9725) will close the door on any attacker that might attempt to run a malicious script or program acting as the logged-in user, Melick added.

The impact of any exploitation of these vulnerabilities, no matter their criticality, could open any organization up to the release of private information, easy lateral movement through a network, or the hijacking of critical information all due to the heavy use of these tools in marketing and its unfettered access to critical information, Melick added.

Adobe categorizes these updates with the following priority ratings and recommends users update their installation via the Creative Cloud desktop app updater, or by navigating to the InDesign Help menu and clicking “Updates.”

The software company rated the Adobe Experience Manager (AEM) vulnerabilities as “critical” and “important,” highlighting the following flaws:CVE-2020-9732, CVE-2020-9733, CVE-2020-9734, CVE-2020-9735, CVE-2020-9736, CVE-2020-9737, CVE-2020-9738, CVE-2020-9740, CVE-2020-9741, CVE-2020-9742, CVE-2020-9743.

Adobe thanked an anonymous researcher working with the Trend Micro Zero Day Initiative on the Framemaker flaw and Kexu Wang of Fortinet’s FortiGuard Labs regarding InDesign for reporting relevant issues and for working with Adobe to help protect its customers.

Source: https://www.scmagazine.com/home/patch-management/adobe-patches-for-critical-flaws-should-be-applied-right-away/

Vulnerability, Patch, Common Vulnerabilities and Exposures, Adobe

World news – GB – Adobe releases update to patch critical flaws that could leave networks, data vulnerable | SC Media

Building on its expertise in the areas of digital, technologies and processes , CSS Engineering you in your most ambitious transformation projects and helps you bring out new ideas, new offers, new modes of collaboration, new ways of producing and selling.

CSS Engineering is involved in projects each customer as if it were his own. We believe a consulting company should be more than an advisor. We put ourselves in the place of our customers, to align we incentives to their goals, and collaborate to unlock the full potential their business. This establishes deep relationships and enjoyable.

Our services:

  1. Create professional websites
  2. Hosting high performance and unlimited
  3. Sale and video surveillance cameras installation
  4. Sale and Installation of security system and alarm
  5. E-Marketing

All our achievements here https://www.css-engineering.com/en/works/

LEAVE A REPLY

Please enter your comment!
Please enter your name here