One Tuesday, a leading software Adobe released emergency updates for three of its primary and popular products that cover multiple freshly discovered critical vulnerabilities.
Initially, it was difficult to trace and understand the impact of these vulnerabilities on businesses. It was equally difficult to scrutinize the different circumstances that your eCommerce website development is exposed to due to the unwanted flaws.
The following is the list of popular and primary products-
- Magento eCommerce platform
- Adobe Bridge
- Adobe Illustrator
All these products experienced a total of 35 vulnerabilities and each of them are affected with varied grave drawbacks majorly revolving around arbitrary code execution.
Talented Magento development services have the caliber to scrutinize such drawbacks and protect you from potential threats and malpractices associated with it.
In this extract, we have discussed the following-
- Expert’s Opinion on Adobe Illustrator, Bridge, and Magento Security
- Comprehensive Update on Magento Security
- Obtain Profound Understanding about Adobe Illustrator and Bridge Vulnerabilities
Expert’s Opinion on Adobe Illustrator, Bridge, and Magento Security
As per the security advisory released by Adobe- Illustrator is one of the most recognized designing software across the globe with over million users. But, this software comprises 5 significant grave execution drawbacks.
The presence of memory corruption bugs in the Windows version is the main cause of execution flaws in the software.
Security researcher Mat Powell discovered 17 new drawbacks in the Adobe Bridge version 10.0.1 for Windows operating systems and also the digital asset management app.
Among these 17 drawbacks, 14 of them were highly-prone to code execution attacks and were extremely severe. The remaining 3 drawbacks pertained to information disclosure issues.
Apart from these, Adobe also shared updates for open source and eCommerce platforms editions of Magento CMS that covers over 13 vulnerabilities- 6 critical, 4 essential, and 3 moderately severe.
Examining the flaws and vulnerabilities is one aspect but realizing its impact on the business and coping with them is an entire different journey. Adobe experts realized the seriousness of the issue and immediately worked on it.
In due process, it became mandatory for businesses to be mindful of all the security aspects. Any alteration in third-party access became a serious issue as a constant threat of an attacker hovered in the mind.
In such circumstances, a retailer can hire a retail IT solution provider that can protect their Magento eCommerce platform from unwanted access and intrusion.
As per the expert’s opinion, all critical arbitrary code execution can be exploited by either a wicked authenticated user or an attacker who has acquired rights from an admin-equivalent account.
An intruder doesn’t need high-end admin rights to work on moderate and important drawbacks. However, they do need adequate access to the account to exploit those issues.
The attackers can easily track critical-rated CVEs, make unwanted changes and disrupt the original version. This can be a major threat to businesses as an attacker can misuse the official business data.
In case your business is based on Magento eCommerce platform, then it is suggested that you upgrade the website to the latest Magento version immediately.
Comprehensive Update on Magento Security
When the first wave of security updates was released, it highlighted a total 13 flaws. One of these flaws had a significant negative effect on the supported versions of Magento-the most trending eCommerce platform.
Furthermore, six Magento vulnerabilities appeared to be critical either in command injection or security mitigation. Unauthorized remote attackers can take advantage of these vulnerabilities to enable arbitrary code execution.
The remaining vulnerabilities are less grave and can result in disclosure of confidential information, uninformed code execution, unauthorized signature verification, unlicensed access to the admin panel (specifically on Magento 1 versions), and unofficial product discounts.
A reliable Magento development company recommended admins to upgrade the following versions with the rectified version as soon as possible-
- Magento Open Source (2.3.4-p2 Open Source or 2.3.5 Open Source)
- Magento Commerce (2.3.4-p2 Commerce or 2.3.5 Commerce)
- Magento Community Edition 188.8.131.52
- Magento Enterprise Edition 184.108.40.206
Obtain Profound Understanding about Adobe Illustrator and Bridge Vulnerabilities
The Adobe Illustrator application had a memory corruption vulnerability which offered remote attackers the authority to implement arbitrary code on the victim’s system.
In the presence of this vulnerability, an unauthorized attacker got quick access to the victim’s file and they can implement their desired codes under the pretext of the victim’s access.
A few sources mention that this can result in denial of services.
In case you have Illustrator version 24.0.2 or any older version on Windows, it’s time to get an upgraded version. All these vulnerabilities have been fixed in Adobe Illustrator 2020 version 24.1.2.
A couple of vulnerabilities came to sight in the Adobe Bridge application. The misuse of these vulnerabilities can lead to smooth access of confidential information to the intruder.
Besides, they also can alter codes and implement unwanted changes in files and the system. With these vulnerabilities intact in your system, attackers can login as a user and can perform unwanted activities such as-
- Memory corruption
- Out-of-bounds write
- Unauthorized easy access
- Heap overflow
- Stack-based buffer overflow
The attack severity depends on the user login rights and actions performed while installing a program, deleting or viewing the system.
These were not normal flaws that can be easily managed with the updated version. Instead, Adobe put additional efforts to fix these issues especially in After Effects, ColdFusion, and Digital Edition applications.
In case, you have previous digital asset management Adobe Bridge for Windows or version 10.0.1, then you are prone to these 17 vulnerabilities of which 14 are quite critical.
However, you can skip getting exposed to these vulnerabilities with the latest Adobe Bridge version 10.0.4.
Experts have profound knowledge and can guide you in the best direction to protect your business from such vulnerabilities. They can warn you against the possible malpractices.
They can also recommend a suitable solution that can help surpass such trying times. With reliable versions, tech experts can upgrade your systems and the data can be protected from all unprofessional activities from attackers.
Want to learn more about how to upgrade your adobe software and Magento platform?
Get in touch with our experts to know more.