A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site

Alerts

Multiple Critical Vulnerabilities Affecting Adobe Products

Advisory No: TZCERT/SA/2024/05/17-1

Date of First Release: 17th May 2024

Source: Adobe

Software Affected: Adobe Acrobat and Reader, Adobe Illustrator, Adobe Substance 3D Painter, Adobe Aero, Adobe Animate, Adobe FrameMaker, and Adobe Dreamweaver

Overview:

Multiple Adobe products are vulnerable to critical vulnerabilities. The attackers can leverage the vulnerabilities to execute arbitrary code on affected system.

Description:

Adobe Acrobat and Reader, Adobe Illustrator, Adobe Substance 3D Painter, Adobe Aero, Adobe Animate, Adobe FrameMaker, and Adobe Dreamweaver are affected by numerous vulnerabilities. These include Use After Free, Out-of-bounds Write, Improper Input Validation, Improper Access Control, Stack-based Buffer Overflow, Heap-based Buffer Overflow, NULL Pointer Dereference, and OS Command Injection. Successful exploitation of these vulnerabilities may allow attackers to execute arbitrary code on the vulnerable systems.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Solution:

Adobe has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
  2. https://helpx.adobe.com/security/products/illustrator/apsb24-30.html
  3. https://helpx.adobe.com/security/products/substance3d_painter/apsb24-31.html
  4. https://helpx.adobe.com/security/products/aero/apsb24-33.html
  5. https://helpx.adobe.com/security/products/animate/apsb24-36.html
  6. https://helpx.adobe.com/security/products/framemaker/apsb24-37.html
  7. https://helpx.adobe.com/security/products/dreamweaver/apsb24-39.html

TZCERT-SU-24-0521 (Intel Security Update)

Intel has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to gain escalated privilege.

Users and administrators are encouraged to review Intel Security Advisories dated 14th May 2024 and apply necessary updates.

TZCERT-SU-24-0520 (Ubuntu Security Update)

Ubuntu has released security updates to address vulnerabilities in Linux kernel, strongSwan and SQL parse. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service condition.

Users and administrators are encouraged to review Ubuntu Security Advisories USN-6766-2, USN-6772-1 and USN-6771-1 and apply necessary updates.

TZCERT-SU-24-0519 (HP Security Update)

Hewlett-Packard has released security updates to address vulnerabilities in HPE ProLiant servers and HPE Aruba. Exploitation of these vulnerabilities may allow an attacker to take control of affected system.

Users and administrators are encouraged to review HP Security Advisories hpesbhf04593 and ARUBA-PSA-2024-006 and apply necessary updates.

TZCERT-SU-24-0518 (SUSE Security Update)

SUSE has released security updates to address vulnerabilities in Python, Linux kernel, postgresql15, OpenSSL, tpm2-0-tss and Perl. Exploitation of these vulnerabilities may allow an attacker to take control of affected system.

Users and administrators are encouraged to review SUSE Security Advisories suse-su-20241667-1, suse-su-20241663-1, suse-su-20241653-1, suse-su-20241634-1, suse-su-20241635-1 and suse-su-20241630-1 and apply necessary updates.