Security News
Adobe has patched a critical arbitrary code execution vulnerability in Flash Player. "Successful exploitation could lead to an exploitable crash, potentially resulting in arbitrary code execution in the context of the current user," Adobe explained in its advisory.
Mozilla patched high-severity vulnerabilities with the release of Firefox 81 and Firefox ESR 78.3, including several that could be exploited to run arbitrary code. Firefox ESR is a Firefox version that's based on an official release for desktop, for use by organizations that need extended support for mass deployments.
Apple has updated its iOS and iPadOS operating systems, addressing a wide range of flaws in its iPhone, iPad and iPod devices. In total, Apple addressed 11 bugs in products and components, including AppleAVD, Apple Keyboard, WebKit and Siri.
Palo Alto Networks this week announced that it has patched critical and high-severity denial-of-service and arbitrary code execution vulnerabilities in its PAN-OS firewall software. Another potentially serious vulnerability, classified as high severity and tracked as CVE-2020-2041, allows a remote, unauthenticated attacker to get all PAN-OS services to enter a DoS condition by causing the device to restart and enter maintenance mode.
Adobe on Tuesday informed customers that it has patched a total of 18 vulnerabilities across its Experience Manager, FrameMaker and InDesign products. In its InDesign design and publishing product, Adobe fixed five critical memory corruption bugs that can allow an attacker to execute arbitrary code in the context of the targeted user.
Recently addressed Microsoft Azure Sphere vulnerabilities could lead to the execution of arbitrary code or to elevation of privileges, Cisco Talos researchers warn. The cloud-based system-on-a-chip platform was designed for Internet of Things security and consists of a hardware platform, Azure Sphere OS, and the Azure Sphere Security Service.
The Google Chrome web browser has a high-severity vulnerability that could be used to execute arbitrary code, researchers say. The flaw has been fixed in the Chrome 85 stable channel, set to be rolled out to users this week.
Google this week announced that an update for Chrome 84 includes 15 security patches, including one for a serious vulnerability for which the tech giant awarded a $10,000 bug bounty. This vulnerability is CVE-2020-6542, a high-severity use-after-free bug in ANGLE, the Chrome component responsible for translating OpenGL ES API calls to hardware-supported APIs available for the operating system.
Critical flaws in Adobe's Magento e-commerce platform, which is commonly targeted by attackers like the Magecart cybergang, could enable arbitrary code execution on affected systems. Adobe on Tuesday released security updates for flaws affecting Magento Commerce 2 and Magento Open Source 2, versions 2.3.5-p1 and earlier.
Adobe informed customers on Tuesday that it has patched several critical code execution vulnerabilities in its Bridge, Photoshop and Prelude products. In the Windows and macOS versions of Bridge, Adobe fixed three critical out-of-bounds read and out-of-bounds write vulnerabilities that can be exploited by an attacker to execute arbitrary code in the context of the targeted user.