Arno Bradtke

1598872020

Adobe Issues July 2020 Critical Security Patches for Multiple Software

Adobe today released software updates to patch a total of 13 new security vulnerabilities affecting 5 of its widely used applications.

Out of these 13 vulnerabilities, four have been rated critical, and nine are important in severity.

The affected products that received security patches today include:

  • Adobe Creative Cloud Desktop Application
  • Adobe Media Encoder
  • Adobe Genuine Service
  • Adobe ColdFusion
  • Adobe Download Manager

Adobe Creative Cloud Desktop Application versions 5.1 and earlier for Windows operating systems contain four vulnerabilities, one of which is a critical symlink issue (CVE-2020-9682) leading to arbitrary file system write attacks.

According to the advisory, the other three important flaws in this Adobe software are privilege escalation issues.

Adobe Media Encoder contains two critical arbitrary code execution flaws (CVE-2020-9650 and CVE-2020-9646) and one important information disclosure issue, affecting both Windows and macOS users running Media Encoder version 14.2 or earlier.

Adobe Genuine Service, a utility in the Adobe suite that prevents users from running non-genuine or cracked pirated software, is affected by three important privilege escalation issues. These flaws reside in software version 6.6 and earlier for Windows and macOS operating systems.

#security

Brain Crist

1594753020

Citrix Bugs Allow Unauthenticated Code Injection, Data Theft

Multiple vulnerabilities in the Citrix Application Delivery Controller (ADC) and Gateway would allow code injection, information disclosure and denial of service, the networking vendor announced Tuesday. Four of the bugs are exploitable by an unauthenticated, remote attacker.

The Citrix products (formerly known as NetScaler ADC and Gateway) are used for application-aware traffic management and secure remote access, respectively, and are installed in at least 80,000 companies in 158 countries, according to a December assessment from Positive Technologies.

Other flaws announced Tuesday also affect Citrix SD-WAN WANOP appliances, models 4000-WO, 4100-WO, 5000-WO and 5100-WO.

Attacks on the management interface of the products could result in system compromise by an unauthenticated user on the management network; or system compromise through cross-site scripting (XSS). Attackers could also create a download link for the device which, if downloaded and then executed by an unauthenticated user on the management network, could result in the compromise of a local computer.

“Customers who have configured their systems in accordance with Citrix recommendations [i.e., to have this interface separated from the network and protected by a firewall] have significantly reduced their risk from attacks to the management interface,” according to the vendor.

Threat actors could also mount attacks on Virtual IPs (VIPs). VIPs, among other things, are used to provide users with a unique IP address for communicating with network resources for applications that do not allow multiple connections or users from the same IP address.

The VIP attacks include denial of service against either the Gateway or Authentication virtual servers by an unauthenticated user; or remote port scanning of the internal network by an authenticated Citrix Gateway user.

“Attackers can only discern whether a TLS connection is possible with the port and cannot communicate further with the end devices,” according to the critical Citrix advisory. “Customers who have not enabled either the Gateway or Authentication virtual servers are not at risk from attacks that are applicable to those servers. Other virtual servers e.g. load balancing and content switching virtual servers are not affected by these issues.”

A final vulnerability has been found in Citrix Gateway Plug-in for Linux that would allow a local logged-on user of a Linux system with that plug-in installed to elevate their privileges to an administrator account on that computer, the company said.

#vulnerabilities #adc #citrix #code injection #critical advisory #cve-2020-8187 #cve-2020-8190 #cve-2020-8191 #cve-2020-8193 #cve-2020-8194 #cve-2020-8195 #cve-2020-8196 #cve-2020-8197 #cve-2020-8198 #cve-2020-8199 #denial of service #gateway #information disclosure #patches #security advisory #security bugs

Houston Sipes

1596868080

Critical Adobe Photoshop Flaws Patched in Emergency Update

Adobe issued out-of-band patches for critical flaws tied to 12 CVEs in Photoshop and other applications.

Adobe released a slew of patches for critical vulnerabilities Tuesday that were part of an out-of-band security update. Several of the critical flaws are tied to Adobe’s popular Photoshop photo-editing software and allow adversaries to execute arbitrary code on targeted Windows devices.

Overall, Adobe issued patches for flaws tied to 12 CVEs across Bridge, Prelude and Photoshop applications. The unscheduled updates come a week after Adobe issued its official July 2020 security updates, including critical code-execution bugs.

Adobe said it was not aware of any exploits in the wild for any of the bugs patched in the update. The company did not offer technical details regarding the Photoshop CVEs.

Threatpost reached out to Mat Powell, researcher with Trend Micro’s Zero Day Initiative, who is credited for finding each of the critical flaws. Powell has not responded to that request. Threatpost hopes to update this report with additional commentary from the researcher.

All of the reported critical flaws stem from out-of-bounds read and write vulnerabilities, which occur when the software reads data past the end of – or before the beginning of – the intended buffer, potentially resulting in corruption of sensitive information, a crash, or code execution among other things.

Adobe Photoshop features two out-of-bounds read flaws (CVE-2020-9683, CVE-2020-9686) and three out-of-bounds write (CVE-2020-9684, CVE-2020-9685, CVE-2020-9687) issues. All of these could “lead to arbitrary code execution in the context of the current user,” according to Adobe.

The Photoshop vulnerabilities affect Photoshop CC 2019 versions 20.0.9 and earlier and Photoshop 2020 21.2 and earlier (for Windows). Users can update to versions 20.0.10 and 21.2.1, respectively.

Adobe has previously addressed various serious flaws in its Photoshop photo editing app, including dozens of arbitrary code-execution issues in March – which addressed 22 CVEs in Photoshop overall, 16 of which were critical.

Other Flaws

Also fixed were critical flaws tied to three CVEs in Bridge, Adobe’s asset management app. These include an out-of-bounds read flaw (CVE-2020-9675) and out-of-bounds write issues (CVE-2020-9674, CVE-2020-9676) that could enable code execution. Adobe Bridge versions 10.0.3 and earlier are affected; users can update to version 10.1.1 for a fix.

Adobe also issued patches for critical vulnerabilities in its Prelude app, which works with its Premiere Pro video editing app to allow users to tag media with metadata for searching, post-production workflows, and footage lifecycle management.

Prelude contains out-of-bounds read (CVE-2020-9677, CVE-2020-9679) and out-of-bounds write (CVE-2020-9678, CVE-2020-9680) glitches that can allow code execution. Adobe Prelude versions 9.0 and earlier for Windows are affected; users can update to version 9.0.1.

Powell was also credited with reporting the additional critical flaws.

Adobe also issued patches for an “important” severity flaw in Adobe Reader Mobile for Android, which allows users to view and edit PDFs from their smartphones. The application has a directory traversal issue (CVE-2020-9663) enabling information disclosure in the context of the current user. Adobe Reader Mobile for Android, versions 20.0.1 and earlier are impacted. Users can update to version 20.3 (for all Android versions).

#vulnerabilities #web security #adobe #adobe bridge #adobe fix #adobe prelude #critical flaw #out of band patch #patch #photoshop #security update #unscheduled update

Loma Baumbach

1599707640

Critical Adobe Flaws Allow Attackers to Run JavaScript in Browsers

Adobe has released fixes addressing five critical flaws in its popular Experience Manager content-management solution for building websites, mobile apps and forms. The cross-site scripting (XSS) flaws could allow attackers to execute JavaScript in targets’ browsers.

Including Adobe Experience Manager, Adobe fixed 18 flaws as part of its regularly scheduled September updates. It also addressed flaws in Adobe Framemaker, its document-processor designed for writing and editing large or complex documents; and InDesign, its desktop publishing and typesetting software application.

“The impact of any exploitation of these vulnerabilities, no matter their criticality, could open any organization up to the release of private information, easy lateral movement through a network, or the hijacking of critical information all due to the heavy use of these tools in marketing and its unfettered access to critical information,” said Richard Melick, senior technical product manager at Automox, in an email. “It is important to patch these vulnerabilities as soon as possible.”

Adobe patched 11 bugs overall in its Experience Manager; five of those are rated critical severity, and the rest are “important” severity. The critical flaws are all XSS glitches (CVE-2020-9732, CVE-2020-9742, CVE-2020-9741, CVE-2020-9740 and CVE-2020-9734).

“Successful exploitation of these vulnerabilities could result in arbitrary JavaScript execution in the browser,” according to Adobe.

The five important-severity flaws include an issue allowing for execution with unnecessary privileges, leading to sensitive information disclosure (CVE-2020-9733), four cross site scripting flaws (CVE-2020-9735, CVE-2020-9736, CVE-2020-9737, CVE-2020-9738) and an HTML injection glitch (CVE-2020-9743) allowing arbitrary HTML injection in the browser.

Below is a list of affected product solutions; fixes are available in version 6.5.6.0 and version 6.4.8.2 (as well as AEM Forms Service Pack 6 for AEM forms add-on users).

[Image: Adobe Experience Manager]

The update for Adobe Experience Manager received a “priority 2,” meaning it resolves flaws in a product that has “historically been at elevated risk” – but for which there are no known exploits.

“Based on previous experience, we do not anticipate exploits are imminent. As a best practice, Adobe recommends administrators install the update soon (for example, within 30 days),” according to Adobe.

#vulnerabilities #web security #adobe #adobe bug #adobe experience manager #adobe framemaker #adobe indesign #adobe patch #browser attack #critical flaw #cross site scripting #html injection flaw #information disclosure #javascript #patch tuesday #xss

Ron Cartwright

1603018800

October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug

Microsoft has pushed out fixes for 87 security vulnerabilities in October – 11 of them critical – and one of those is potentially wormable.

There are also six bugs that were previously unpatched but publicly disclosed, which could give cybercriminals a leg up — and in fact at least one public exploit is already circulating for this group.

This month’s Patch Tuesday overall includes fixes for bugs in Microsoft Windows, Office and Office Services and Web Apps, Azure Functions, Open Source Software, Exchange Server, Visual Studio, .NET Framework, Microsoft Dynamics, and the Windows Codecs Library.

A full 75 are listed as important, and just one is listed as moderate in severity. None are listed as being under active attack, but the group does include six issues that were known but unpatched before this month’s regularly scheduled updates.

“As usual, whenever possible, it’s better to prioritize updates against the Windows operating system,” Richard Tsang, senior software engineer at Rapid7, told Threatpost. “Coming in at 53 of the 87 vulnerabilities, patching the OS knocks out 60 percent of the vulnerabilities listed, along with over half of the critical RCE vulnerabilities resolved today.”

11 Critical Bugs

One of the most notable critical bugs, according to researchers, is a remote code-execution (RCE) problem in the TCP/IP stack. That issue (CVE-2020-16898) allows attackers to execute arbitrary code with elevated privileges using a specially crafted ICMPv6 router advertisement.

Microsoft gives this bug its highest exploitability rating, meaning attacks in the wild are extremely likely – and as such, it carries a severity rating of 9.8 out of 10 on the CVSS vulnerability scale. True to the season, it could be an administrator’s horror show.

“If you’re running an IPv6 network, you know that filtering router advertisements is not a practical workaround,” said Dustin Childs, researcher at Trend Micro’s Zero-Day Initiative (ZDI), in his Patch Tuesday analysis. “You should definitely test and deploy this patch as soon as possible.”

Bharat Jogi, senior manager of vulnerability and threat research at Qualys, said that an exploit for the bug could be self-propagating, worming through infrastructure without user interaction.

“An attacker can exploit this vulnerability without any authentication, and it is potentially wormable,” he said. “We expect a proof-of-concept (PoC) for this exploit would be dropped soon, and we highly encourage everyone to fix this vulnerability as soon as possible.”

Threatpost has reached out for more technical details on the wormable aspect of the bug.

#cloud security #vulnerabilities #web security #critical #cve-2020-16898 #microsoft #october 2020 #patch tuesday #patches #publicly disclosed #remote code execution #router advertisements #security bug #security vulnerabilities #tcp/ip #unpatched bugs #wormable

Mitchel Carter

1603036800

Google’s Chrome 86: Critical Payments Bug, Password Checker Among Security Notables

Google’s latest version of its browser, Chrome 86, is now being rolled out with 35 security fixes – including a critical bug – and a feature that checks if users have any compromised passwords.

As of Tuesday, Chrome 86 is being promoted to the stable channel for Windows, Mac and Linux and will roll out over the coming days. The versions of the browser for Android and iOS were also released Tuesday, and will become available on Google Play and the App Store this week.

Included in the newest browser version is a critical flaw (CVE-2020-15967) existing in Chrome’s payments component. The flaw, reported by Man Yue Mo of GitHub Security Lab, is a use-after-free vulnerability. Use after free is a memory-corruption flaw where an attempt is made to access memory after it has been freed. This can cause an array of malicious impacts, from causing a program to crash, to potentially leading to execution of arbitrary code.

Use-after-free bugs have plagued Google Chrome in the past year. In fact, all seven high-severity vulnerabilities fixed by Google in Chrome 86 were use-after-free flaws – including ones affecting Chrome’s printing (CVE-2020-15971), audio (CVE-2020-15972), password manager (CVE-2020-15991) and WebRTC (CVE-2020-15969) components (WebRTC is a protocol for rich-media web communication).

Further details of the bugs are not yet available, as “access to bug details and links may be kept restricted until a majority of users are updated with a fix,” according to Google’s Tuesday post.

Password Check

The Android and iOS versions of Chrome 86 will also come with a new security feature, which will send a copy of users’ usernames and passwords using a “special form of encryption.” That then lets Google check them against a list of passwords known to be compromised.

“Passwords are often the first line of defense for our digital lives,” Abdel Karim Mardini, senior product manager with Chrome, said in a Tuesday post. “Today, we’re improving password security on both Android and iOS devices by telling you if the passwords you’ve asked Chrome to remember have been compromised, and if so, how to fix them.”

At the back end, when Google detects a username and password exposed by a data breach, it stores a strongly hashed and encrypted copy of the data. Then, when Chrome users log into a website, the feature sends a strongly hashed and encrypted version of their username and password to Google – meaning the company never derives usernames or passwords from the encrypted copy, it said.

#vulnerabilities #web security #android #chrome #chrome 86 #compromised password #credential stuffing #cve-2020-15967 #cve-2020-15969 #cve-2020-15971 #cve-2020-15972 #cve-2020-15991 #encryption #google #google payments #https #ios #linux #mac #password check #patches #safety check #security fix #security improvements #windows