View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Hardware
October 16, 2019

Adobe Patches 45 Critical Vulnerabilities, Including Download Manager

68 total bugs fixed

By CBR Staff Writer

American software and creative suite giant Adobe has release a slew of updates and patches for its software and platforms – 45 marked “critical” – including an important patch for Adobe Download Manager for Windows.

The Adobe patches include one for a vulnerability in the Adobe Download Manager for Windows that allows an attacker to escalate privileges within the system, potentially letting a hacker compromise the processing resources of a user’s computer.

The vulnerability, marked CVE-2019-8071, was first discovered by Eran Shimony of CyberArk and a patch is now available.

See also: HackerOne CEO Mårten Mickos on the Devil, Zero Days, and the Powers of a “Hacker Army”

In the update APSB19-49 Adobe has identified 68 security total issues relating to Adobe Acrobat and Reader. The vast majority are critical, which Adobe classifies as a “vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware.”

Adobe is warning that these critical and important vulnerabilities could lead to hackers successfully carrying out an arbitrary code execution which has the same level of security clearance as the user. The San Jose creative software firm has rolled out the APSB19-49 update to address all 68 issues and is advising users and IT teams to either manually update or initiate the update via the enterprise installer.

Adobe Patches: A Team Effort

Adobe have also instrumented patches for its content management system and digital enrolment tool Adobe Experience Manager.

In its APSB19-48 update Adobe is patching several vulnerabilities that give hackers the ability to initiate several cross site scripting attacks.

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

Many of these are classified as ‘Important’ which means that if they were to be exploited a hacker could compromise a system’s data security and potentially compromise the users processing resources.

Vulnerabilities fixed in the APSB19-48 update include cross-site request forgery, reflected cross site scripting, authentication bypass, xml external entity injection and command injection to name but a few. Again Adobe have released updates that address these issues and users are advised to update as soon as possible.

This wealth of updates showcases how much firms like Adobe really rely on bug bounty hunters, independent security experts and organisations to smoke out vulnerabilities within its software and platform, as over 30 individuals and organizations are credited with helping Adobe find and patch the myriad of issues in the APSB19-49 update alone.

See Also: Databricks Gifts Its Data Lake Technology to the Linux Foundation

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU