Adobe releases new security fixes for Connect, Reader Mobile

This month’s update is small in comparison to last month’s flurry of emergency fixes.
Written by Charlie Osborne, Contributing Writer

Adobe has released a small security update to resolve vulnerabilities in Connect and Reader Mobile. 

The tech giant's standard monthly security release included two advisories; one relating to the Adobe Connect remote conferencing and collaboration tool, and the other to Reader Mobile, a mobile version of the firm's .PDF document reader and manager. 

The first advisory details CVE-2020-24442 and CVE-2020-24443, two reflected cross-site scripting (XSS) issues in Connect. The bugs, considered "important," can be exploited to execute arbitrary JavaScript code in a browser. 

See also: Adobe to buy marketing software firm Workfront for $1.5 billion

Adobe's second security bulletin reveals a fix for CVE-2020-24441, an "important" bug in Reader that relates to improper access control. If exploited by an attacker, this vulnerability can lead to information disclosure. 

CNET: Ex-Microsoft engineer gets 9-year prison sentence for fraud scheme

Adobe thanked researchers Pedro Oliveira, Saulius Pranckevicius, and Shaun Budding for reporting these security issues privately. 

Last month, Adobe resolved a single vulnerability in its standard monthly update, a critical code execution issue found in Flash.

The company also released two out-of-band releases in October to fix critical security flaws in software including Magento, Photoshop, Illustrator, and InDesign. (1,2)

TechRepublic: DDoS attacks: How to combat the latest tactics

In related news, Microsoft's Patch Tuesday security release tackled 112 vulnerabilities, including 24 remote code execution (RCE) bugs and a zero-day flaw currently being exploited in the wild. 

On November 9, Adobe announced the purchase of Workfront for $1.5 billion. The marketing firm's content delivery and analytics solutions are destined to join Adobe's Experience Cloud platform. 

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Editorial standards