fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Adobe Fixes Critical Security Vulnerabilities In Acrobat, Reader

Adobe Fixes Critical Security Vulnerabilities In Acrobat, Reader

Adobe has released security updates to address critical severity vulnerabilities affecting Adobe Acrobat and Reader for Windows and macOS that could enable attackers to execute arbitrary code on vulnerable devices.

In all, the company today addressed 14 security flaws affecting the two products, 10 of them rated as either critical or important severity bugs.

These bugs may allow arbitrary code execution, local privilege escalation, information disclosure, arbitrary JavaScript execution, and dynamic library injection.

Adobe categorized the security updates as priority 2 updates which means that they address vulnerabilities with no public exploits in products that have “historically been at elevated risk.”

The full list of vulnerabilities fixed today is available in the table embedded below, together with their severity ratings and assigned CVE numbers.

Also Read: The Top 10 Best And Trusted List Of Lawyers In Singapore

Vulnerability CategoryVulnerability ImpactSeverityCVE Number
Heap-based buffer overflow    Arbitrary Code Execution     Critical CVE-2020-24435
Improper access controlLocal privilege escalation ImportantCVE-2020-24433
Improper input validationArbitrary JavaScript ExecutionImportantCVE-2020-24432
Signature validation bypassMinimal (defense-in-depth fix)ModerateCVE-2020-24439
Signature verification bypassLocal privilege escalationImportant CVE-2020-24429
Improper input validationInformation Disclosure   Important CVE-2020-24427
Security feature bypassDynamic library injectionImportant CVE-2020-24431
Out-of-bounds write   Arbitrary Code Execution       Critical CVE-2020-24436
Out-of-bounds read   Information Disclosure   ModerateCVE-2020-24426
CVE-2020-24434
Race ConditionLocal privilege escalationImportant CVE-2020-24428
Use-after-free     Arbitrary Code Execution       Critical CVE-2020-24430
CVE-2020-24437
Use-after-freeInformation DisclosureModerateCVE-2020-24438

Adobe recommends customers to update the vulnerable products to the latest versions as soon as possible to block attacks that could lead to unpatched installations’ exploitation.

Depending on their preferences, users can update their Adobe Acrobat and Reader products to the latest patched versions using one of the following approaches:

  • Users can update their product installations manually by choosing Help > Check for Updates.
  • The products will update automatically, without requiring user intervention, when updates are detected.
  • The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.

IT admins can also deploy the security updates in managed environments using the enterprise installers available through Adobe’s public FTP server or by using Windows/macOS remote management solutions.

Also Read: The Importance Of Knowing Personal Data Protection Regulations

Last month, Adobe patched 18 critical security bugs affecting ten of its Windows and macOS products that could be exploited to execute arbitrary code.

The software products patched by Adobe in October include Adobe Creative Cloud Desktop Application, Adobe InDesign, Adobe Media Encoder, Adobe Premiere Pro, Adobe Photoshop, Adobe After Effects, Adobe Animate, Adobe Dreamweaver, Adobe Illustrator, and Marketo.

In October, the company also addressed a critical Adobe Flash Player remote code execution vulnerability that could be exploited by simply visiting a maliciously crafted website.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us