American software and creative suite giant Adobe has release a slew of updates and patches for its software and platforms – 45 marked “critical” – including an important patch for Adobe Download Manager for Windows.
The Adobe patches include one for a vulnerability in the Adobe Download Manager for Windows that allows an attacker to escalate privileges within the system, potentially letting a hacker compromise the processing resources of a user’s computer.
The vulnerability, marked CVE-2019-8071, was first discovered by Eran Shimony of CyberArk and a patch is now available.
In the update APSB19-49 Adobe has identified 68 security total issues relating to Adobe Acrobat and Reader. The vast majority are critical, which Adobe classifies as a “vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware.”
Adobe is warning that these critical and important vulnerabilities could lead to hackers successfully carrying out an arbitrary code execution which has the same level of security clearance as the user. The San Jose creative software firm has rolled out the APSB19-49 update to address all 68 issues and is advising users and IT teams to either manually update or initiate the update via the enterprise installer.
Adobe Patches: A Team Effort
Adobe have also instrumented patches for its content management system and digital enrolment tool Adobe Experience Manager.
In its APSB19-48 update Adobe is patching several vulnerabilities that give hackers the ability to initiate several cross site scripting attacks.
Many of these are classified as ‘Important’ which means that if they were to be exploited a hacker could compromise a system’s data security and potentially compromise the users processing resources.
Vulnerabilities fixed in the APSB19-48 update include cross-site request forgery, reflected cross site scripting, authentication bypass, xml external entity injection and command injection to name but a few. Again Adobe have released updates that address these issues and users are advised to update as soon as possible.
This wealth of updates showcases how much firms like Adobe really rely on bug bounty hunters, independent security experts and organisations to smoke out vulnerabilities within its software and platform, as over 30 individuals and organizations are credited with helping Adobe find and patch the myriad of issues in the APSB19-49 update alone.