Arbitary Code Execution vulnerability found in Adobe products.
Authentication Bypass Vulnerability in VMware products.
VMware and Apache both released their Patches with updated version.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and MacOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user said Adobe
Solution for Fix Adobe product-
Adobe recommends users update their software installations to the latest versions by following the instructions below.
The latest product versions are available to end users via one of the following methods:
- Users can update their product installations manually by choosing Help > Check for Updates.
- The products will update automatically, without requiring user intervention, when updates are detected.
In VMware Security advisories ID VMSA-2018-0024.1
VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) update resolves SAML authentication bypass vulnerability.
The VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This vulnerability may allow for a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled.
This vulnerability is also relevant if certificate-based authentication is not enabled, but the outcome of exploitation is limited to an information disclosure (Important Severity) in those cases.
Solution to patch VMware-
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware Workspace ONE Unified Endpoint Management Console 9.7.x
Downloads and Documentation here