Security News

Adobe patched three flaws in Premiere Pro, another version of Adobe's video editing software that is more advanced than Adobe Premiere Rush. Adobe Premiere Pro versions 14.2 and earlier are affected; users are urged to update to version 14.3.

Adobe announced on Tuesday that it has patched 18 critical code execution vulnerabilities in its After Effects, Illustrator, Premiere Pro, Premiere Rush, and Audition products. Adobe fixed five critical out-of-bounds write, out-of-bounds read and heap overflow vulnerabilities that can be exploited for arbitrary code execution in the context of the targeted user.

D-Link is urging customers to replace its now obsolete line of DIR-865L Wireless Routers in reaction to a recently discovered critical command-injection bug that leaves users open to a denial-of-service attack. "The vulnerabilities were found in the DIR-865L model of D-Link routers, which are meant for home network use," researchers wrote.

Siemens' LOGO! programmable logic controllers are affected by critical vulnerabilities that can be exploited remotely to launch denial-of-service attacks and modify the device's configuration. According to Siemens, the vulnerabilities impact all versions of its LOGO!8 BM devices, which are designed for basic control tasks.

Over 5,000 global firms rely on Everbridge to keep their people safe and organizations running in anticipation of or amid critical events, whether natural, digital, or manmade. The Everbridge CEM solution provides an integrated, end-to-end approach for managing all phases of a critical event, accelerating the time to identify and resolve threats, and providing a unified, organizational view to facilitate more coordinated action.

IOTech, the Intelligent Edge Software company, announced the general availability of Edge XRT, a new software platform for time-critical and resource-constrained applications at the IoT Edge. Edge XRT greatly simplifies the development of time-critical IoT systems at the Edge and enables application portability, improved supportability and faster time-to-market for new IoT edge applications.

The critical flaws exist in Intel's Active Management Technology, which is used for remote out-of-band management of personal computers. The two critical flaws exist in the IPv6 subsystem of AMT. The flaws could potentially enable an unauthenticated user to gain elevated privileges via network access.

The most important of these patches are two Hot News Security Notes addressing critical vulnerabilities in SAP Liquidity Management for Banking and SAP Commerce. Also rated Hot News and featuring a CVSS score of 9.8 is a Security Note addressing hard-coded user credentials in SAP Commerce and SAP Commerce Data Hub.

"Microsoft's latest fixes in its June Patch Tuesday update show that when it comes to vulnerabilities, what's old is new again. The same vulnerabilities we've seen appear in Adobe Flash over the past few years, along with common cross-site-scripting issues, were addressed this month. As witnessed within Microsoft Office SharePoint, there were multiple XSS vulnerabilities identified in the same product - this could be the result of a researcher who found one flaw and decided to continue digging, or Microsoft itself going through similar flows of code to try to fix them all."

"This month starts with CVE-2020-1281, a remote code execution vulnerability in Microsoft's Object Linking & Embedding. This vulnerability impacts Windows 7 through 10 and Windows Server 2008 through 2019. The vulnerability exists in the way OLE validates user input. An attacker who sent a specially crafted file or program, or convinced a victim to download one, could execute malicious code on the victim's machine. Microsoft assigned this vulnerability a CVSS score of 7.8; a similar vulnerability, CVE-2017-0199, has been widely exploited including by the Lazarus group and APT 34."