An Interest In:
Web News this Week
- April 2, 2024
- April 1, 2024
- March 31, 2024
- March 30, 2024
- March 29, 2024
- March 28, 2024
- March 27, 2024
Some of Our Sources
- Team Treehouse
- Just Creative
- The Logo Smith
- Smashing Apps
- Inspiredology
- Web Design Ledger
- Android Headlines
- Dev To
- Hashedout
- The Verge
Help Webnuz
Referal links:
May 15, 2020 03:30 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/LlCF6AmuKAA/adobe-issues-patches-for-36-vulnerabilities-in-dng-reader-acrobat
Adobe Issues Patches For 36 Vulnerabilities In DNG, Reader, Acrobat
An anonymous reader quotes a report from ZDNet: Adobe has released security patches to resolve 36 vulnerabilities present in DNG, Reader, and Acrobat software. On Tuesday, the software giant issued two security advisories (1, 2) detailing the bugs, the worst of which can be exploited by attackers to trigger remote code execution attacks and information leaks. The first set of patches relate to Adobe Acrobat and Reader for Windows and macOS, including Acrobat / Acrobat Reader versions 2015 and 2017, as well as Acrobat and Acrobat Reader DC. In total, 12 critical security flaws have been resolved. Six of the bugs, a single heap overflow problem (CVE-2020-9612), two out-of-bounds write errors (CVE-2020-9597, CVE-2020-9594), two buffer overflow issues (CVE-2020-9605, CVE-2020-9604), and two use-after-free vulnerabilities (CVE-2020-9607, CVE-2020-9606) can all lead to arbitrary code execution in the context of the current user. The remaining problems, now patched, include a race condition error (CVE-2020-9615) and four security bypass bugs (CVE-2020-9614, CVE-2020-9613, CVE-2020-9596, CVE-2020-9592). 12 vulnerabilities, deemed important, were also disclosed in Acrobat and Reader. Null pointer, stack exhaustion, out-of-bounds read, and invalid memory access issues have been patched. If exploited, the bugs can be weaponized for information disclosure and application denial-of-service. Adobe's DNG Software Development Kit (SDK), versions 1.5 and earlier, is the subject of the second security advisory. The worst vulnerabilities are four heap overflow issues (CVE-2020-9589, CVE-2020-9590 , CVE-2020-9620, CVE-2020-9621) that can all lead to remote code execution attacks. In addition, eight out-of-bounds read problems in the software have also been fixed (CVE-2020-9622, CVE-2020-9623, CVE-2020-9624, CVE-2020-9625, CVE-2020-9626, CVE-2020-9627, CVE-2020-9628, CVE-2020-9629). If exploited, these issues can lead to information disclosure.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/LlCF6AmuKAA/adobe-issues-patches-for-36-vulnerabilities-in-dng-reader-acrobat
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot