Adobe Experience Manager, InDesign, and Framemaker receive fixes for critical bugs in a new update

The latest security updates from Adobe fix serious bugs in Experience Manager, InDesign, and Framemaker.

The largest patch is for Adobe Experience Manager (AEM) versions 6.5.5.0, 6.4.8.1, 6.3.3.8 and earlier, as well as 6.2 SP1-CFP20 and earlier. AEM Forms plug-in package versions Service Pack 5 and earlier are also affected.

Five critical vulnerabilities have been addressed in AEM, including reflected and stored cross-site scripting (XSS) issues. The flaws are tracked as CVE-2020-9732, CVE-2020-9734, CVE-2020-9740, CVE-2020-9741, and CVE-2020-9742.

Two of the security issues, CVE-2020-9732 and CVE-2020-9734, relate in particular to the Forms service package.

Each of these vulnerabilities, if left unchecked, can lead to arbitrary execution of JavaScript in the browser.

Six other bugs deemed important were also fixed in AEM. CVE-2020-9733 is described as an “unnecessarily privileged runtime” issue that can lead to data disclosure if abused, while CVE-2020-9743 is an arbitrary HTML injection vulnerability in the browser.

Additionally, CVE-2020-9735, CVE-2020-9736, CVE-2020-9737, and CVE-2020-9738 are stored cross-site scripting security vulnerabilities that can lead to arbitrary execution of JavaScript in a browser.

Adobe also updated a variety of software dependencies, including Handlebars.js, Lodash.js, Log4j, and Dom4j.

This month’s security round also covers a total of five vulnerabilities in Adobe InDesign. The bugs, which affect versions 15.1.1 and earlier, “could lead to arbitrary code execution in the context of the existing user,” according to Adobe.

Each security issue (CVE-2020-9727, CVE-2020-9728, CVE-2020-9729, CVE-2020-9730, and CVE-2020-9731) is described as a memory corruption flaw.

Adobe Framemaker, a document processor for large documents, also received a security update. Two critical vulnerabilities, an out-of-bounds read and a stack-based buffer overflow issue (CVE-2020-9726, CVE-2020-9725), can lead to arbitrary code execution when exploited.

“While none of the vulnerabilities disclosed in the Adobe release are known to have been actively attacked today, all patches are prioritized on the systems where those products are installed,” said Jimmy Graham, Qualys senior director of product control.

Adobe thanked researchers at Trend Micro and Fortinet’s FortiGuard Labs for disclosing some of the security issues.

The latest Adobe security patch, released in September, covers 26 bugs, including critical ones, in Acrobat and Reader. A total of 11 can be used in remote code execution attack chains.

Adobe Flash has been a regular contributor to security update lists for many years. Microsoft, Adobe, Apple, Facebook, Google, and Mozilla plan to end support for the software by the end of 2020, and earlier this week Microsoft clarified its timeline for removing Flash from Microsoft Edge and Internet Explorer 11. After this period, Adobe will no longer issue security patches for the software.

Additionally, the latest Microsoft security fixes addressed 129 vulnerabilities in 15 products, including 20 critical remote code execution vulnerabilities.
