Bharat Bhise On Adobe’s Fix Of Serious Flaws In Adobe’s ColdFusion, After Effects and Digital Editions
Bharat Bhise HNA reports that Adobe has issued security patches for flaws in its Digital Edition, After Effects, and ColdFusion applications. If attacked, the vulnerabilities could allow black hat hackers to obtain confidential data, launch denial-of-service attacks, and gain escalated privileges. Each bug was rated as important in severity based upon the Common Vulnerability Scoring System. It marks a tremendously low-volume period for Adobe flaw fixes.
In all, Adobe patched vulnerabilities connected to five CVEs in its scheduled Tuesday security updates. That number is insignificant compared to March when Adobe fixed bugs in an out-of-band patch related to 41 CVEs throughout its products. Bharat Bhise HNA notes that 29 of those were rated critical in severity. In February, Adobe patched updates connected to 42 CVEs wherein 35 bugs were rated critical.
Good cyber hygiene Adobe seems to be given a break after many months of highly critical and heavy patches, remarks Jay Goodman, a product marketing manager at Automox. Even if the CVEs are only rated as important, it’s still good cyber practice to get your Adobe applications patched to lower your risk of infection.
Three of the flaws revealed this week were found in Adobe’s rapid application development program, ColdFusion. These vulnerabilities included improper access control, which could result in a system file structure leak, a DLL search-order hijacking glitch that could allow privilege escalation. Bharat Bhise HNA says that it is an insufficient input validation flaw that could allow denial of service on an application level.
Among those affected are ColdFusion 2016’s Update 14 and ColdFusion 2018’s Update 8 and earlier. These bugs have rated a Priority 2, which means that the bugs were discovered in a product that has been at an elevated risk historically but have currently no known attacks.
For Bharat Bhise HNA, Adobe’s efforts to continually address CVEs indicate the brand is on the right track. After all, users can enjoy its apps with the assurance that CVEs that hound is consistently being addressed. This makes for secure and reliable user experience.
In all, Adobe patched vulnerabilities connected to five CVEs in its scheduled Tuesday security updates. That number is insignificant compared to March when Adobe fixed bugs in an out-of-band patch related to 41 CVEs throughout its products. Bharat Bhise HNA notes that 29 of those were rated critical in severity. In February, Adobe patched updates connected to 42 CVEs wherein 35 bugs were rated critical.
Good cyber hygiene Adobe seems to be given a break after many months of highly critical and heavy patches, remarks Jay Goodman, a product marketing manager at Automox. Even if the CVEs are only rated as important, it’s still good cyber practice to get your Adobe applications patched to lower your risk of infection.
Three of the flaws revealed this week were found in Adobe’s rapid application development program, ColdFusion. These vulnerabilities included improper access control, which could result in a system file structure leak, a DLL search-order hijacking glitch that could allow privilege escalation. Bharat Bhise HNA says that it is an insufficient input validation flaw that could allow denial of service on an application level.
Among those affected are ColdFusion 2016’s Update 14 and ColdFusion 2018’s Update 8 and earlier. These bugs have rated a Priority 2, which means that the bugs were discovered in a product that has been at an elevated risk historically but have currently no known attacks.
For Bharat Bhise HNA, Adobe’s efforts to continually address CVEs indicate the brand is on the right track. After all, users can enjoy its apps with the assurance that CVEs that hound is consistently being addressed. This makes for secure and reliable user experience.
Comments
Post a Comment