1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Adobe releases software updates to patch security issues

    From TechnologyDaily@1337:1/100 to All on Tuesday, December 24, 2024 15:45:05
    Adobe releases software updates to patch security issues

    Date:
    Tue, 24 Dec 2024 15:32:29 +0000

    Description:
    Security flaw could have granted hackers the ability to read sensitive information.

    FULL STORY ======================================================================Adobe patches a flaw found in two versions of ColdFusion It warned users to patch ASAP, since a PoC is available The bug can be used to create or overwrite critical

    Adobe has fixed a high-severity vulnerability found in two versions of ColdFusion, a rapid development platform for building web applications, APIs, and software.

    The vulnerability, tracked as CVE-2024-53961, is described as a path
    traversal flaw, affecting ColdFusion versions 2021 and 2023.

    It was given a severity score of 7.4 (high) and according to CWE, it can be used to create or overwrite critical files used to run code, such as
    programs, or libraries. Patch ASAP

    An attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application, NIST explains. This could lead to the disclosure of sensitive information or the manipulation of system data.

    This isnt theoretical, either. According to BleepingComputer , proof-of-concept (PoC) exploit code is already available.

    "Adobe is aware that CVE-2024-53961 has a known proof-of-concept that could cause an arbitrary file system read," Adobe said in a security advisory, the publication stressed. The bug was given a "Priority 1" severity rating by the company, as it has "a higher risk of being targeted, by exploit(s) in the
    wild for a given product version and platform."

    Adobe urged users to apply the given patches immediately, preferably within
    72 hours. For ColdFusion 2021, thats Update 18, and for ColdFusion 2023,
    thats Update 12.

    While a PoC is available, there is no word if the vulnerability is actually being abused in the wild. The US Cybersecurity and Infrastructure Security Agency (CISA) doesnt seem to have added it to its Known Exploited Vulnerabilities (KEV) catalog, which could indicate that the evidence of
    abuse was not yet found.

    However, cybercriminals know that many organizations arent very diligent when it comes to patching, and will often rather go for known flaws, instead of looking for zero-days. And with a PoC already available, mounting an attack could be a walk in the park.

    Via BleepingComputer You might also like Adobe releases emergency patch for ColdFusion vulnerability Here's a list of the best antivirus tools on offer These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/adobe-releases-software-updates-to-patc h-security-issues


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)