Security News
Adobe has issued patches for a slew of critical security vulnerabilities, which, if exploited, could allow for arbitrary code execution on vulnerable Windows systems. Affected products include Adobe's Framemaker document processor, designed for writing and editing large or complex documents; Adobe's Connect software used for remote web conferencing; and the Adobe Creative Cloud software suite for video editing.
Adobe has released security updates that fix vulnerabilities in Adobe Creative Cloud Desktop, Framemaker, and Connect. In total, the company fixed eight vulnerabilities today, with the majority of them rated as Critical as they allow arbitrary code execution.
This week Samsung has started rolling out Android's March security updates to mobile devices to patch critical security vulnerabilities in the runtime, operating system, and related components. This comes after Android had published their March 2021 security updates bulletin, which includes patches for critical vulnerabilities impacting the latest devices.
IOTech announced the launch and availability of Edge XRT, its time-critical edge platform for Microsoft Azure Sphere. Designed and optimized for resource-constrained environments, Edge XRT delivers out-of-the-box device connectivity and edge intelligence for microcontroller units, gateways and smart sensors at the IoT edge.
Google this week announced the release of patches for 37 vulnerabilities as part of the Android security updates for March 2021, including a fix for a critical flaw in the System component. Tracked as CVE-2021-0397 and affecting Android 8.1, 9, 10, and 11 releases, the security issue could allow an attacker to execute code remotely on a vulnerable device.
Germany-based cybersecurity company Genua has fast-tracked a fix for a critical flaw in one of its firewall products. The affected product is the GenuGate High Resistance Firewall, which Genua touts as a two-tier firewall that includes an application-level gateway and a packet filter for blocking malicious data.
A critical, easy-to-exploit vulnerability may allow attackers to remotely connect to a number of Rockwell Automation's programmable logic controllers and to install new firmware, alter the device's configuration, and so on. Rockwell Automation's PLCs are used around the world to control industrial equipment.
Cisco has addressed a maximum-severity vulnerability in its Application Centric Infrastructure Multi-Site Orchestrator that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. Separately, the company also patched multiple flaws in Cisco Application Services Engine that could allow a remote attacker to access a privileged service or specific APIs, resulting in capabilities to run containers or invoke host-level operations, and learn "Device-specific information, create tech support files in an isolated volume, and make limited configuration changes."
Project Zero, Google's 0day bug-hunting team, shared technical details and proof-of-concept exploit code for a critical remote code execution bug affecting a Windows graphics component. The Project Zero researchers discovered the vulnerability, tracked as CVE-2021-24093, in a high-quality text rendering Windows API named Microsoft DirectWrite.
A critical vulnerability in Cisco Systems' intersite policy manager software could allow a remote attacker to bypass authentication. The flaw stems from improper token validation on an API endpoint in Cisco's ACI MSO. "A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller devices," said Cisco on Wednesday.