Adobe has received a report that CVE-2021-28550 has been exploited in the wild in. Successful exploitation could lead to arbitrary code execution in the context of the current user. These updates address multiple critical and important vulnerabilities. The patch specifically addresses a memory corruption issue (CVE-2016-0954) it has not been publicly attacked, Adobe said, adding that versions 4.5.0 and earlier are affected. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. The Adobe Digital Editions vulnerability also leads to remote code execution, Adobe said. All three can be exploited to remotely execute code on compromised machines, Adobe said, adding that it was not aware of any public attacks against these bugs.Īdobe said the Windows and Macintosh versions of Acrobat and Reader DC Continuous (15.010.20059 and earlier and 15.006.30119 and earlier, respectively) are affected, as are Acrobat and Reader Desktop versions 11.0.14 and earlier. Two of the patches (CVE-2016-1007 and CVE-2016-1009) address memory corruption vulnerabilities, while the third addresses a flaw in the directory search path (CVE-2016-1008). The trio of Acrobat and Reader vulnerabilities were privately disclosed to Adobe by researchers at HP’s Zero Day Initiative. Multiple vulnerabilities have been identified in Acrobat DC and Reader DC which could. Today’s patches are much lighter, fixing three flaws in Acrobat and Reader, and a single vulnerability in Digital Editions. Multiple Vulnerabilities in Adobe Acrobat and Reader Security Updates. Last month, Adobe patched 22 CVEs in Flash Player, most of which were memory-related vulnerabilities, including corruption and use-after-free vulnerabilities. The alternative would be to find a way to disable the auto-update all together but then I would have to manually update the systems periodically. And while the customary Flash update is missing from today’s monthly rollout, Adobe said a new version of the software will be available “in the coming days.” If I cant get the update to happen during this window, the system will be doomed to reinstall the latest version of DC each time it reverts (which could be several times a day). الشرق الأوسط وشمال أفريقيا - اللغة العربيةAdobe today released security updates for its PDF editing and viewing products, Acrobat and Reader, and its ereader for books called Adobe Digital Editions. Southeast Asia (Includes Indonesia, Malaysia, Philippines, Singapore, Thailand, and Vietnam) - English For information about the latest version, see the Release Notes. Updates can be installed as described below. Adobe recommends that update to the latest version to take advantage of security and stability improvements. Last updated on Also Applies to Adobe Acrobat XI. Selecting a region changes the language and/or content on . Manually update Adobe Acrobat installation. Yuebin of Tencent Security Xuanwu Lab (CVE-2020-9696).Mark Vincent Yason working with Trend Micro Zero Day Initiative (CVE-2020-9715).Zhangqing, Zhiyuan Wang and willJ from cdsrc of Qihoo 360 (CVE-2020-9716, CVE-2020-9717, CVE-2020-9718, CVE-2020-9719, CVE-2020-9720, CVE-2020-9721) Update Adobe Acrobat to the latest released version manually by using the menu option - Help > Check for updates.Kyle Martin from North Carolina State University, Sung Ta Dinh from Arizona State University, Haehyun Cho from Arizona State University, Ruoyu "Fish" Wang from Arizona State University, Alexandros Kapravelos from North Carolina State University and Yan Shoshitaishvili from Arizona State University (CVE-2020-9722).Csaba Fitzl from Offensive Security working with iDefense Labs (CVE-2020-9714).Also, make sure you have the latest version 20.006.20042 installed. Go to Edit (Windows), Adobe Acrobat / Reader DC (Mac) > Preferences > Enhanced Security > Add File and Add Folder path > Click OK. Abdul-Aziz Hariri of Trend Micro Zero Day Initiative (CVE-2020-9697, CVE-2020-9706, CVE-2020-9707, CVE-2020-9710, CVE-2020-9712) Try to Add file and Folder to the Whitelist of Acrobat / Reader DC.Steven Seeley of Qihoo 360 Vulcan Team (CVE-2020-9723).Anonymous working with Trend Micro Zero Day Initiative (CVE-2020-9693, CVE-2020-9694).Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |