The United States Computer Emergency Readiness Team (US-CERT) announced on November 10 (US time) that a vulnerability existed in multiple products provided by Adobe in “Adobe Releases Security Updates for Multiple Products | CISA”. He said he had released a security update. The target products are “Adobe Connect” and “Adobe Reader Mobile”, and if the vulnerability is left unattended, there is a risk of suffering damage such as cross-site scripting (XSS) attacks and information leakage.
Information about vulnerabilities in each product is summarized in the following security advisory by Adobe.
- Security updates available for Adobe Connect | APSB20-69
- Security update available for Adobe Reader Mobile | APSB20-71
- Adobe Connect Downloads and Updates
In Adobe Reader Mobile, one vulnerability has been reported that leads to information leakage due to a problem in implementing access control. The affected version is 20.6 or earlier and can be resolved by updating to version 20.9.0.
Both vulnerabilities are classified second in three levels of importance. The priority for applying updates is “3”, which is the lowest of the three levels. This is not urgent, but we recommend updating at any time.