View all newsletters
Receive our newsletter – data, insights and analysis delivered to you
  1. Technology
  2. Hardware
October 16, 2019

Adobe Patches 45 Critical Vulnerabilities, Including Download Manager

68 total bugs fixed

By CBR Staff Writer

American software and creative suite giant Adobe has release a slew of updates and patches for its software and platforms – 45 marked “critical” – including an important patch for Adobe Download Manager for Windows.

The Adobe patches include one for a vulnerability in the Adobe Download Manager for Windows that allows an attacker to escalate privileges within the system, potentially letting a hacker compromise the processing resources of a user’s computer.

The vulnerability, marked CVE-2019-8071, was first discovered by Eran Shimony of CyberArk and a patch is now available.

See also: HackerOne CEO Mårten Mickos on the Devil, Zero Days, and the Powers of a “Hacker Army”

In the update APSB19-49 Adobe has identified 68 security total issues relating to Adobe Acrobat and Reader. The vast majority are critical, which Adobe classifies as a “vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware.”

Adobe is warning that these critical and important vulnerabilities could lead to hackers successfully carrying out an arbitrary code execution which has the same level of security clearance as the user. The San Jose creative software firm has rolled out the APSB19-49 update to address all 68 issues and is advising users and IT teams to either manually update or initiate the update via the enterprise installer.

Adobe Patches: A Team Effort

Adobe have also instrumented patches for its content management system and digital enrolment tool Adobe Experience Manager.

Content from our partners
Signs your accounting software is no longer fit for your growing business
Incumbent banks must transform at speed, or miss the benefits of open banking
Leverage cloud and expertise to optimise engagements from onboarding to conclusion

In its APSB19-48 update Adobe is patching several vulnerabilities that give hackers the ability to initiate several cross site scripting attacks.

Many of these are classified as ‘Important’ which means that if they were to be exploited a hacker could compromise a system’s data security and potentially compromise the users processing resources.

Vulnerabilities fixed in the APSB19-48 update include cross-site request forgery, reflected cross site scripting, authentication bypass, xml external entity injection and command injection to name but a few. Again Adobe have released updates that address these issues and users are advised to update as soon as possible.

This wealth of updates showcases how much firms like Adobe really rely on bug bounty hunters, independent security experts and organisations to smoke out vulnerabilities within its software and platform, as over 30 individuals and organizations are credited with helping Adobe find and patch the myriad of issues in the APSB19-49 update alone.

See Also: Databricks Gifts Its Data Lake Technology to the Linux Foundation

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU