Adobe and Microsoft have issued their monthly security updates to address critical security flaws in their respective products.

This month, the latest update for Adobe Flash Player deals with two serious vulnerabilities and impacts Windows, macOS, Linux, and Chrome OS versions of the software.

Both the vulnerabilities in Flash Player lead to random code implementation in the context of the current user, letting attackers take absolute control over beleaguered systems.

  • Same-origin method execution (CVE-2019-8069)
  • Use-after-free (CVE-2019-8070)

Both the weaknesses were reported to Adobe by security researchers working with the Trend Micro Zero Day Initiative platform.

Adobe has also issued a security update for Adobe Application Manager (AAM) for Windows to address an Insecure Library Loading (DLL hijacking) vulnerability in the installer.

On the other hand, on Tuesday, software giant Microsoft has fixed 80 vulnerabilities, including two Windows flaws that have been misused in attacks.

CVE-2019-1214 and CVE-2019-1215 are the zero-day weaknesses. The first impacts the Windows Common Log File System (CLFS), allowing a genuine attacker with unvarying user rights to intensify permissions to administrator. A researcher from the Qihoo 360 Vulcan Team spotted the security flaw, but there have been no details about the attacks misusing the susceptibility.

It’s worth observing that while all supported versions of Windows appear to be impacted by this flaw, the company says misuse is improbable against the latest versions of the operating system.

Microsoft has not ascribed anyone for the second zero-day it repaired on Tuesday. The company has described CVE-2019-1215 as a susceptibility in Winsock (ws2ifsl.sys) that lets a locally genuine attacker perform code with elevated rights.

In a blog post, experts at the Zero Day Initiative (ZDI) explained: “Interestingly, [ws2ifsl.sys] has been targeted by malware in the past, with some references going back as far as 2007. Not surprising, since malware often targets low-level Windows services.”

Related articles

Alarm Bell Rings for Microsoft Azure Customers for Exim Worm
Vulnerability Alerts

Alarm Bell Rings for Microsoft Azure Customers for Exim Worm

By CertX
ProxyLogon PoC Exploit Likely to Cause More Ominous Cyberattacks
Miscellaneous / Vulnerability Alerts

ProxyLogon PoC Exploit Likely to Cause More Ominous Cyberattacks

By CertX
Hackers could bypass malware detection by path traversal vulnerability
Vulnerability Alerts

Hackers could bypass malware detection by path traversal vulnerability

By CertX
Vulnerability Alerts

Microsoft Edge, Apple Safari and Oracle VirtualBox Hacked at Pwn2Own

By CertX
Critical Vulnerability in Drupal Allows Hackers to Capture Sites
Vulnerability Alerts

Critical Vulnerability in Drupal Allows Hackers to Capture Sites

By CertX

Leave a Reply

Your email address will not be published. Required fields are marked *