Multiple Critical Adobe Security Flaws Let Attackers Execute Arbitrary Code

Adobe addressed critical security issues in ColdFusion and InDesign. Users should install security updates immediately to ensure system safety.

Stay informed and prioritize security maintenance to address potential threats.

Attackers can exploit the vulnerabilities to execute arbitrary code, cause memory leaks, and bypass features.

Adobe ColdFusion | APSB23-40

ColdFusion, developed by Adobe, is a platform for creating and deploying web and mobile applications.

Adobe released updates for ColdFusion versions 2023, 2021, and 2018 to resolve Improper Access Control and Deserialization of Untrusted Data vulnerabilities.

Flaws in ColdFusion can allow an attacker to execute arbitrary code and bypass security features.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Improper Access Control (CWE-284) | Security feature bypass | Critical | CVE-2023-29298 |
| Deserialization of Untrusted Data (CWE-502) | Arbitrary code execution | Critical | CVE-2023-29300 |
| Improper Restriction of Excessive Authentication Attempts (CWE-307) | Security feature bypass | Important | CVE-2023-29301 |

Affected Versions

| Product | Update number |
|---|---|
| ColdFusion 2018 | Update 16 and earlier versions |
| ColdFusion 2021 | Update 6 and earlier versions |
| ColdFusion 2023 | GA Release (2023.0.0.330468) |

Fixed Versions

| Product | Updated Version |
|---|---|
| ColdFusion 2018 | Update 17 |
| ColdFusion 2021 | Update 7 |
| ColdFusion 2023 | Update 1 |

Adobe InDesign | APSB23-38

InDesign by Adobe is a tool for producing digital media like flyers, posters, stationery, slideshows, and other materials.

Update Adobe InDesign to protect against security vulnerabilities that can be exploited by attackers to execute arbitrary code and cause memory leaks.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Out-of-bounds Write (CWE-787) | Arbitrary code execution | Critical | CVE-2023-29308 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29309 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29310 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29311 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29312 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29313 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29314 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29315 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29316 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29317 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29318 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29319 |

Affected Versions

| Product | Affected version | Platform |
|---|---|---|
| Adobe InDesign | ID18.3 and earlier versions | Windows and macOS |
| Adobe InDesign | ID17.4.1 and earlier versions | Windows and macOS |

Patched Versions

| Product | Updated version | Platform | Priority rating |
|---|---|---|---|
| Adobe InDesign | ID18.4 | Windows and macOS | 3 |
| Adobe InDesign | ID17.4.2 | Windows and macOS | 3 |

Adobe released further details about the flaws and credited security researchers for reporting the vulnerabilities.

The post Multiple Critical Adobe Security Flaws Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.