Adobe And VMware Fixes Critical Vulnerabilities

Vulnerability Discovery
Vulnerability Discovery
  • Arbitary Code Execution vulnerability found in Adobe products.

  • Authentication Bypass Vulnerability in VMware products.

VMware and Apache both released their Patches with updated version.

Adobe has released security updates for Adobe Acrobat and Reader for Windows and MacOS. These updates address  critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user said Adobe

Solution for Fix Adobe product-

Adobe recommends users update their software installations to the latest versions by following the instructions below.

The latest product versions are available to end users via one of the following methods:

  • Users can update their product installations manually by choosing Help > Check for Updates.
  • The products will update automatically, without requiring user intervention, when updates are detected.

In VMware Security advisories ID VMSA-2018-0024.1

VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) update resolves SAML authentication bypass vulnerability.

The VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This vulnerability may allow for a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled.

This vulnerability is also relevant if certificate-based authentication is not enabled, but the outcome of exploitation is limited to an information disclosure (Important Severity) in those cases.

Solution to patch VMware-

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

VMware Workspace ONE Unified Endpoint Management Console 9.7.x
Downloads and Documentation here

More from Priyanshu Sahay

Reddit Systems Got Hacked Through Insecure SMS 2FA SetUp

Reddit systems breached through SMS 2 Factor Authentication (FA) Hackers accessed Reddit...
Read More

Leave a Reply