Adobe has released a small security update to resolve vulnerabilities in Connect and Reader Mobile.
The tech giant's standard monthly security release included two advisories: one relating to the Adobe Connect remote conferencing and collaboration tool, and the other to Reader Mobile, a mobile version of the firm's PDF document reader and manager.
The first advisory[1] details CVE-2020-24442 and CVE-2020-24443, two reflected cross-site scripting (XSS) issues in Connect. The bugs, considered "important," can be exploited to execute arbitrary JavaScript code in a browser.
Adobe's second security bulletin[3] reveals a fix for CVE-2020-24441, an "important" bug in Reader that relates to improper access control. If exploited by an attacker, this vulnerability can lead to information disclosure.
Adobe thanked researchers Pedro Oliveira, Saulius Pranckevicius, and Shaun Budding for reporting these security issues privately.
Last month, Adobe resolved a single vulnerability[5] in its standard monthly update, a critical code execution issue found in Flash.
The company also issued two out-of-band releases in October to fix critical security flaws in software including Magento, Photoshop, Illustrator, and InDesign.
In related news, Microsoft's Patch Tuesday[7] security release tackled 112 vulnerabilities, including 24 remote code execution (RCE) bugs and a zero-day flaw currently being exploited in the wild.
On November 9, Adobe announced the purchase of Workfront for $1.5 billion[8]. The marketing firm's content delivery and analytics solutions are destined to join Adobe's Experience Cloud platform.