Security News > 2020 > May > Adobe “out of band” critical patch – get your update now!
Adobe just published a foursome of very tight-lipped security notifications about new patches.
The bulletin APSB20-26 actually came out last week, on Patch Tuesday, leaving a gap at -25, suggesting that at least the patch in bulletin APSB20-15 was prepared in time for Patch Tuesday but didn't make the final cut, perhaps to give it time for additional testing or tweaking.
Adobe has released an update for Adobe Character Animator for Windows and macOS. This update resolves a stack-based buffer overflow vulnerability that could lead to remote code execution.
Buffer overflows happen when a programmer doesn't leave enough space in memory for data that might later arrive and therefore creates the possibility for one chunk of malformed data to overwrite other data that's used elsewhere in the program.
That's bad enough because you typically lose unsaved work or end up with messed-up data after a crash, and a buffer overflow that can be abused to trigger crashes at will is the sort of security bug that's aptly named Denial of Service, or DoS for short.
News URL
https://nakedsecurity.sophos.com/2020/05/21/adobe-out-of-band-critical-patch-get-your-update-now/
Related news
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)
- Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected (source)
- Adobe warns of critical ColdFusion bug with PoC exploit code (source)
- Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now (source)