Adobe Fixes Critical Security Vulnerabilities In Lightroom, Prelude

Adobe has released security updates to address critical severity security bugs affecting Windows and macOS versions of Adobe Lightroom and Adobe Prelude.

In total, the company addressed four security vulnerabilities affecting three products, three of them rated as critical and one as an important severity bug in Adobe Experience Manager (AEM) and the AEM Forms add-on package.

These bugs could enable attackers to execute arbitrary code on vulnerable devices, as well as gain access to sensitive information and execute arbitrary JavaScript code in the browser.

Adobe categorized the critical security updates as priority 3 updates, meaning that they affect products that haven’t been known targets for attackers.

However, the update issued to address the important severity vulnerability in Adobe Experience Manager has a priority rating of 2, as it addresses a bug with no public exploits but impacting products that have “historically been at elevated risk.”

The full list of vulnerabilities fixed today is available in the table embedded below, together with severity ratings and assigned CVE numbers.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number | Affected Product |
| --- | --- | --- | --- | --- |
| Uncontrolled search path | Arbitrary Code Execution | Critical | CVE-2020-24440 | Adobe Prelude |
| Uncontrolled Search Path Element | Arbitrary Code Execution | Critical | CVE-2020-24447 | Adobe Lightroom Classic |
| Blind server-side request forgery | Sensitive Information Disclosure | Important | CVE-2020-24444 | Adobe Experience Manager |
| Cross-site scripting (stored) | Arbitrary JavaScript execution in the browser | Critical | CVE-2020-24445 | |

Adobe advises customers using vulnerable products to update to the latest versions as soon as possible to block attacks that could lead to successful exploitation of unpatched installations.

Depending on their preferences, users can update their products using one of the following approaches:

  • Go to Help > Check for Updates.
  • Download the full update installers from Adobe’s Download Center.
  • Let the products update automatically, without requiring user intervention, when updates are detected.

IT admins can also install these security updates in managed environments via enterprise installers available through Adobe’s public FTP server or using Windows/macOS remote management solutions.

Last month, Adobe fixed 14 vulnerabilities in Adobe Acrobat and Reader for Windows and macOS that could allow attackers to remotely execute code on vulnerable devices.

Adobe also patched 18 critical security bugs impacting ten of its Windows and macOS products that could have led to the execution of arbitrary code when exploited in attacks.

The company also addressed a critical Adobe Flash Player remote code execution vulnerability that could be exploited by persuading potential victims to visit a maliciously crafted website.
