Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Adobe Patches Vulnerabilities in Connect, Reader Mobile

Adobe on Tuesday informed customers that it has patched vulnerabilities in its Reader Mobile and Connect products, but none of them appears too serious.

Adobe on Tuesday informed customers that it has patched vulnerabilities in its Reader Mobile and Connect products, but none of them appears too serious.

In Connect, Adobe says it has addressed two important-severity reflected cross-site scripting (XSS) flaws that can be exploited to execute arbitrary JavaScript in the targeted user’s browser. Each of these weaknesses was reported by a different researcher.

The company says the patches are already being rolled out to hosted services and they should become available for on-premises deployments later this week.

In the case of Adobe Reader Mobile for Android, the software giant fixed an important-severity improper access control issue that can lead to the disclosure of sensitive information.

Adobe says it’s not aware of any attacks exploiting these vulnerabilities and the company does not expect them to be targeted by hackers.

While Adobe has only released patches for two of its products, the company typically releases a second round of security updates after Patch Tuesday.

Advertisement. Scroll to continue reading.

Last month’s Patch Tuesday updates only addressed one vulnerability in Flash Player, but the company released another round of fixes on November 3 to address over a dozen flaws in Acrobat products.

Microsoft’s Patch Tuesday updates for November 2020 fix over 110 vulnerabilities, including one exploited in attacks

Related: Adobe Releases Security Updates for 10 Products

Related: Adobe Patches Critical Code Execution Flaws in AEM, FrameMaker, InDesign

Related: Adobe Patches Critical Code Execution Vulnerability in Flash Player

Related: Adobe Patches 11 Critical Vulnerabilities in Acrobat and Reader

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

Mark Carter has been appointed Chief Information Security Officer at Socure.

Spektrum Labs has named Mark Cravotta Chief Operating Officer.

More People On The Move

Expert Insights

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.