Adobe releases new security fixes for Connect, Reader Mobile

November 11, 2020 TH Author

Adobe has released a small security update to resolve vulnerabilities in Connect and Reader Mobile.

The tech giant’s standard monthly security release included two advisories; one relating to the Adobe Connect remote conferencing and collaboration tool, and the other to Reader Mobile, a mobile version of the firm’s .PDF document reader and manager.

The first advisory details CVE-2020-24442 and CVE-2020-24443, two reflected cross-site scripting (XSS) issues in Connect. The bugs, considered “important,” can be exploited to execute arbitrary JavaScript code in a browser.

Adobe’s second security bulletin reveals a fix for CVE-2020-24441, an “important” bug in Reader that relates to improper access control. If exploited by an attacker, this vulnerability can lead to information disclosure.

CNET: Ex-Microsoft engineer gets 9-year prison sentence for fraud scheme

Adobe thanked researchers Pedro Oliveira, Saulius Pranckevicius, and Shaun Budding for reporting these security issues privately.

Last month, Adobe resolved a single vulnerability in its standard monthly update, a critical code execution issue found in Flash.

The company also released two out-of-band releases in October to fix critical security flaws in software including Magento, Photoshop, Illustrator, and InDesign. (1,2)

TechRepublic: DDoS attacks: How to combat the latest tactics

In related news, Microsoft’s Patch Tuesday security release tackled 112 vulnerabilities, including 24 remote code execution (RCE) bugs and a zero-day flaw currently being exploited in the wild.

On November 9, Adobe announced the purchase of Workfront for $1.5 billion. The marketing firm’s content delivery and analytics solutions are destined to join Adobe’s Experience Cloud platform.

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0