Home Security Adobe July Patch Tuesday Addressed Vital Safety Flaws

Adobe July Patch Tuesday Addressed Vital Safety Flaws

by ethhack

This week, Adobe has rolled-out their month-to-month safety updates. This time, the updates handle comparatively a lot fewer safety flaws. Furthermore, the updates don’t deal with any fashionable Adobe merchandise, like Flash Participant or Reader. Fairly, the patches intention at Adobe Expertise Supervisor, Adobe Bridge CC, and Dreamweaver. Beneath is a fast round-up of Adobe July Patch Tuesday.

A number of Vulnerabilities Patched In Adobe Expertise Supervisor

With July updates, Adobe has fastened three totally different vulnerabilities in Adobe Expertise Supervisor. These embody two vital vulnerabilities and a single moderate-severity flaw. As acknowledged of their advisory, these vulnerabilities, upon exploit, might end in disclosure of delicate info.

Amongst these, the vital safety flaws embody a cross-site request forgery (CVE-2019-7953) and saved cross-site scripting (CVE-2019-7954).

Moreover, the average severity flaw included a mirrored cross-site scripting vulnerability (CVE-2019-7955). The distributors acknowledged Lorenzo Pirondini for reporting this flaw.

The Adobe Expertise Supervisor variations affected by these vulnerabilities embody 6.0, 6.1, 6.2, 6.3, and 6.4. Adobe has fastened all these vulnerabilities within the respective AEM variations 6.3, 6.4, and 6.5.

Different Adobe July Patch Tuesday Fixes

Along with the above, Adobe Patch Tuesday updates additionally handle a single flaw every in Adobe Bridge CC and Adobe Dreamweaver.

Relating to Adobe Bridge CC, an vital out-of-bounds learn vulnerability (CVE-2019-7963) existed that would end in info disclosure. As acknowledged in Adobe’s advisory,

A vulnerability… happens when parsing malformed SVG photos. This may end up in an out-of-bounds reminiscence learn which ends up in info (reminiscence handle) disclosure within the context of present consumer.

The vulnerability particularly affected the Adobe Bridge CC variations 9.0.2 and earlier. Whereas, the distributors fastened the flaw with model 9.1. Additionally they credited Pattern Micro’s Zero Day Initiative researcher, Francis Provencher, for reporting the flaw.

As for the vulnerability in Adobe Dreamweaver, an vital Insecure Library Loading (DLL hijacking) flaw affected the Adobe Dreamweaver direct obtain installer variations together with and previous to 19.Zero and 18.0. This vital vulnerability (CVE-2019-7956) might result in privilege escalation upon an exploit.

Adobe has fastened this flaw with the discharge of Adobe Dreamweaver direct obtain installer 2019 and 2018 releases. Moreover, Adobe additionally thanked the researcher, Honc, of their advisory for reporting this situation.

Customers of the respective Adobe merchandise should guarantee updating their programs to the patched software program variations.

This month’s safety updates don’t handle any crucial safety flaws, in contrast to the updates launched in May and June 2019.

Take your time to touch upon this text.

The next two tabs change content material beneath.
Avatar
Abeerah has been a passionate blogger for a number of years with a selected curiosity in direction of science and know-how. She is loopy to know every little thing concerning the newest tech developments. Figuring out and writing about cybersecurity, hacking, and spying has at all times enchanted her. When she shouldn’t be writing, what else generally is a higher pastime than net browsing and staying up to date concerning the tech world! Attain out to me at: [email protected]
Avatar

Source link

Related Articles

Leave a Comment

tech