Security News

Adobe today released the latest security updates for five of its widely used software products, patching a total of 42 newly discovered vulnerabilities, 35 of which are critical in severity. In brief, Adobe Framemaker for Windows, an advanced document processing software, contains 21 flaws, all of them critical buffer error, heap overflow, memory corruption, and out-of-bounds write issues that lead to code execution attacks.

Adobe has released patches addressing a wave of critical flaws in its Framemaker and Flash Player products, which, if exploited, could lead to arbitrary code execution. Overall, Adobe stomped out flaws tied to 42 CVEs for its regularly scheduled February updates, with 35 of those flaws being critical in severity.

A critical vulnerability in the Bluetooth implementation on Android devices could allow attackers to launch remote code execution attacks without any user interaction. Researchers on Thursday revealed further details behind the critical Android flaw, which was patched earlier this week as part of Google's February Android Security Bulletin.

More than 80 percent of organizations impacted by CVE-2019-19781, a critical vulnerability in the Citrix Application Delivery Controller and Gateway, have already taken steps to secure their deployments. The security bug impacts multiple versions of Citrix ADC and Gateway, but Citrix has already released permanent patches for all of them, as attacks started to ramp up.

About one in five of the 80,000 companies affected by a critical bug in the Citrix Application Delivery Controller and Citrix Gateway are still at risk from a trivial attack on their internal operations. "The critical information about applications accessible by Citrix can be leaked," he explained.

One of the security flaws that Google addressed with the February 2020 set of Android patches is a critical vulnerability in Bluetooth that could lead to code execution. While no user interaction is required for the attack to be successful, the adversary needs to know the target device's Bluetooth MAC address and Bluetooth has to be enabled.

Researchers on Wednesday disclosed five critical vulnerabilities in Cisco Discovery Protocol, the Cisco proprietary Layer 2 network protocol that is used to discover information about locally attached Cisco equipment. Every device, Cisco device, sends packets from time to time saying, 'Hi, my IP address is this, my name is this, my operating system is this' and all kinds of information and they collect the Cisco devices' information about one another, about their neighbors.

Cisco is issuing patches for five critical vulnerabilities that have been discovered in Cisco Discovery Protocol, the info-sharing layer that maps all Cisco equipment on a network. CDP is a Cisco proprietary Layer 2 network protocol that is used to discover information about locally attached Cisco equipment.

Google has patched some serious bugs in Android, including a couple of critical flaws that could let hackers run their own code on the mobile operating system. What Google does tell us in its February 2020 advisory is that it lies in the system component of Android, which contains the system apps that ship with the OS. It's a remote code execution bug in the context of a privileged process, giving the attacker a high level of access to the operating system, and it applies to versions 8.0, 8.1, and 9 of the Android Open-Source Project, on which the various phone implementations of Android are based.