The United States Computer Emergency Readiness Team (US-CERT) announced on November 10 (US time) that a vulnerability existed in multiple products provided by Adobe in “Adobe Releases Security Updates for Multiple Products | CISA”. He said he had released a security update. The target products are “Adobe Connect” and “Adobe Reader Mobile”, and if the vulnerability is left unattended, there is a risk of suffering damage such as cross-site scripting (XSS) attacks and information leakage.

Information about vulnerabilities in each product is summarized in the following security advisory by Adobe.

  • Security updates available for Adobe Connect | APSB20-69
  • Security update available for Adobe Reader Mobile | APSB20-71
  • Security updates available for Adobe Connect | APSB20-69

    Security updates available for Adobe Connect | APSB20-69

  • Security update available for Adobe Reader Mobile | APSB20-71

    Security update available for Adobe Reader Mobile | APSB20-71

Two vulnerabilities have been reported in Adobe Connect, both of which allow a cross-site scripting attack to execute arbitrary JavaScript code on a web browser. Versions prior to 11.0 are affected. Version 11.0.5 has already been released with the fix applied, but the specific update schedule depends on the version and license you are using. See the page below for details.

  • Adobe Connect Downloads and Updates

In Adobe Reader Mobile, one vulnerability has been reported that leads to information leakage due to a problem in implementing access control. The affected version is 20.6 or earlier and can be resolved by updating to version 20.9.0.

Both vulnerabilities are classified second in three levels of importance. The priority for applying updates is “3”, which is the lowest of the three levels. This is not urgent, but we recommend updating at any time.