SIMonline

Service receive & sending SMS

Adobe fixes data leak error in Reader

266   |     /   Security

Adobe fixes data leak error in Reader
Adobe has released patches for Acrobat and Reader, Flash Player, ColdFusion, and Creative Cloud. One of Reader’s weaknesses is the critical issue of data leakage, the details of which were released by the researcher in January.



If you need to receive SMS online, use the SIMonline.su service

The company eliminated a total of 71 vulnerabilities in Acrobat and Reader. One of them has been described as a disclosure issue that could lead to leakage of confidential data.

The error was described in detail in a blog post published at the end of January by researcher Alex Infure, who showed how it can be used in a specially created PDF document to send SMB requests to an attacker’s server when opening a file.

The vulnerability is similar to CVE-2018-4993, which Adobe fixed last year. This allows the remote attacker to steal the NTLM user hash included in the SMB request and can be used to warn the attacker when his malicious PDF was opened by the target user.

Adobe has released a security update patch. This micropatch alerts the user when a document tries to connect to a remote server, and allows him to block the connection before sending any data.

Adobe reported that it assigned this vulnerability a CVE identifier of 2019-7089. The company says it knows about the publicly available “technical documentation” for this security hole.

This is the second time Adobe fixes a vulnerability similar to CVE-2018-4993.

Other weaknesses fixed by Adobe in Acrobat and Reader include many critical errors in arbitrary code execution caused by memory corruption errors.

In Flash Player, which will receive security updates by the end of 2020, Adobe has fixed only one “important” vulnerability that could lead to information disclosure.

Two flaws - one that allows code to be executed, and an XSS error that could lead to information disclosure - have been fixed in ColdFusion. One vulnerability has also been fixed in the installer of the Creative Cloud desktop application.

Adobe says it does not know about hacks for any of the vulnerabilities that were fixed in updates released in February 2019.


Similar news


Siri Lock Bypass on iPhone

You have a ton of very personal information on your phone. Text messages, emails, browser history, photos. The last thing you need is for someone to pick up the phone and gain access to all this data. That's why you lock your phone with a password, code, pattern or fingerprint.

Caution, malicious videos will crash your iPhone or iPad

You should always be careful when following a link, but if you have an iOS device, a new threat appears that you should beware of. This is a link that points to a video - video that will overload your device until it shuts down. Some even freeze, displaying an iOS shutdown animation.

Malicious software reconfigures headphones to record sound

Want to listen to audio on your computer? You need speakers or headphones. Want to record a voice? Usually you need a microphone, but it turns out that your headphones are suitable for this.



SIMONLINE.SU

This is not only a service for receiving and sending SMS messages to virtual numbers, but also a tutorial on user safety in the modern world, the latest developments in IT, social media security, fresh programs and lessons that simplify our lives. So are other issues encountered by the average user. In simple words, each user will find for themselves something interesting or answers to their questions.

SIMonline © 2018 - 2020

All rights reserved