Adobe fixed critical vulnerabilities in Flash and Framemaker

Written by Emma Davis

Microsoft is not the only company releasing updates for its products on the second Tuesday of the month. Adobe developers also fixed a number of critical vulnerabilities in Flash Player, Framemaker, and Experience Manager.

In Flash Player, for which security updates will continue to be released only until the end of this year, a critical use-after-free vulnerability has been fixed. The problem allowed an attacker to execute arbitrary code in the context of the current user. A patch for this vulnerability is included in Flash Player (including the versions for Chrome, Edge and Internet Explorer).

“For many years, Flash has been one of the most “leaky” products on the market, creating more and more security risks, despite the regular release of dozens of patches. So, back in 2010, Steve Jobs devoted a detailed article to the problem, in which he explained in detail why Flash does not belong on Apple devices. Unfortunately, the situation has not improved since then. Although Flash is preinstalled in almost all modern browsers, the plugin is now disabled by default (and it is not recommended to enable it)”, wrote ZDNet reporters about Flash.

The developers of Chrome, Edge and Firefox, as well as most developers of online services, have long promoted the use of HTML5.

Three critical vulnerabilities were fixed at once in the Adobe FrameMaker document processor, including two out-of-bounds write problems that allow arbitrary code execution, as well as a memory corruption error that could also be used to execute code.

In the Adobe Experience Manager content management solution, six XSS bugs were fixed, as well as a server-side request forgery (SSRF) vulnerability. All of these vulnerabilities are rated as important. The XSS problems can be used to execute arbitrary JavaScript code in the user’s browser, and the SSRF to obtain confidential information.

“These vulnerabilities were not attacked or exploited by cybercriminals”, representatives of Adobe reported.

Let me remind you that this week other manufacturers also released patches for their products. The June “Patch Tuesday” became the largest in the history of Microsoft: 129 problems were fixed at once.

SAP developers released 17 security bulletins and prepared patches for Apache Tomcat (CVE-2020-1938), two bugs in SAP Commerce (CVE-2020-6265, CVE-2020-6264), vulnerabilities in SAP SuccessFactors (CVE-2020-6279), as well as issues in NetWeaver (CVE-2020-6275).

Intel has fixed more than 20 different vulnerabilities, including bugs in the Innovation Engine (CVE-2020-8675) and Special Register Buffer (CVE-2020-0543). The latter problem is called CrossTalk, and it allows “dumping” confidential data from SGX enclaves.

Let me remind you that not so long ago, Adobe developers fixed critical vulnerabilities in Magento, Adobe Illustrator and Bridge.
