Login

Register

Login

Register

#cybersecurity | hacker | Adobe Patch Tuesday: Critical vulnerabilities in Flash Player, Framemaker patched

[ad_1]

Adobe conducted
a large-scale rollout of security updates for a variety of its products for February
Patch Tuesday, including a critical patch for Flash Player that if exploited could
result in arbitrary code execution in the context of the current user.

Joining
Adobe Flash Player in receiving security updates are Framemaker, Acrobat Reader
and DC, Digital Editions and Experience Manager.

The company
listed CVE-2020-3757 as a critical type confusion vulnerability for Flash
Player for Windows, Mac and Linux, although it noted that the issue is not
being exploited in the wild at this time. A patch
is available.

Framemaker’s
updates patch 21 critical CVEs covering a buffer error, heap overflow, memory
corruption and out-of-bounds write flaws, all of which can lead to arbitrary
code execution if left unpatched
and are exploited.

Reader and
Reader DC combined had 12 critical, three important and two moderate-rated
issues. The most pressing problems center on heap overflow, buffer error, privilege
escalation and use after free vulnerabilities potentially leading to arbitrary
code execution if left unpatched.

Adobe Digital
Edition had patches
issued for the critical, CVE-2020-3760, and important-rated, CVE-2020-3759.  The former is a command injection problem
that could lead to arbitrary code execution and the latter is a buffer error
that could result in information disclosure.

Experience
Manager had the lone important-rated CVE-2020-3741 patched.
If left as is this could lead to a denial of service condition due to an uncontrolled
resource consumption problem.

[ad_2]

Original Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
HACKER FOR HIRE MURDERS
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW