Security News

Adobe on Tuesday shipped security updates to remediate multiple critical vulnerabilities in its Magento e-commerce platform that could be abused by an attacker to execute arbitrary code and take control of a vulnerable system. The issues affect 2.3.7, 2.4.2-p1, 2.4.2, and earlier versions of Magento Commerce, and 2.3.7, 2.4.2-p1, and all prior versions of Magento Open Source edition.

Adobe on Tuesday shipped security updates to remediate multiple critical vulnerabilities in its Magento e-commerce platform that could be abused by an attacker to execute arbitrary code and take control of a vulnerable system. The issues affect 2.3.7, 2.4.2-p1, 2.4.2, and earlier versions of Magento Commerce, and 2.3.7, 2.4.2-p1, and all prior versions of Magento Open Source edition.

Adobe has released a large Patch Tuesday security update that fixes critical vulnerabilities in Magento and important bugs in Adobe Connect. In total, Adobe fixed 29 vulnerabilities with today's updates.

Adobe has released security updates to address vulnerabilities in Magento and Adobe Connect. Magento is a popular open-source e-commerce platform.

Software maker Adobe has shipped security patches for flaws in its Adobe Magento and Connect product lines, warning that exploitation could lead to remote code execution attacks. The Adobe Magento patch lists 26 CVEs with severity ratings ranging from critical to important, according to an advisory from San Jose, Calif. Software vendor.

Pulse Secure has shipped a fix for a critical post-authentication remote code execution vulnerability in its Connect Secure virtual private network appliances to address an incomplete patch for an actively exploited flaw it previously resolved in October 2020. "The Pulse Connect Secure appliance suffers from an uncontrolled archive extraction vulnerability which allows an attacker to overwrite arbitrary files, resulting in Remote Code Execution as root," NCC Group's Richard Warren disclosed on Friday.

A critical vulnerability has been disclosed in hardware random number generators used in billions of Internet of Things devices whereby it fails to properly generate random numbers, thus undermining their security and putting them at risk of attacks. "It turns out that these 'randomly' chosen numbers aren't always as random as you'd like when it comes to IoT devices," Bishop Fox researchers Dan Petro and Allan Cecil said in an analysis published last week.

A critical vulnerability has been disclosed in hardware random number generators used in billions of Internet of Things devices whereby it fails to properly generate random numbers, thus undermining their security and putting them at risk of attacks. "It turns out that these 'randomly' chosen numbers aren't always as random as you'd like when it comes to IoT devices," Bishop Fox researchers Dan Petro and Allan Cecil said in an analysis published last week.

A recent spike in large-scale ransomware attacks has highlighted the vulnerabilities in the nation's critical infrastructure and the ease with which their systems can be breached. Cyberattacks and ransomware pose a greater risk to critical infrastructure than a non-digital external threat like a nation-state does, and the size and scale of the infrastructure has little to do with the scope of the risk; ransomware is just as much as threat to a water treatment plant in downtown Smallville, USA, as it is to a large-scale energy grid or gasoline pipeline.

The commonly used "Net" library in Go and Rust languages is also impacted by the mixed-format IP address validation vulnerability. The vulnerability, tracked by CVE-2021-29922 and CVE-2021-29923 concerns how net handles mixed-format IP addresses, or more specifically when a decimal IPv4 address contains a leading zero.