Please see Security Advisories for the week ending July 24, 2020
- Citrix Releases Security Updates for Workspace App for Windows
- Adobe Releases Security Updates for Several Products
- Cisco Releases Security Updates for ASA and FTD Software
________________________________
Citrix Releases Security Updates for Workspace App for Windows
Situation
Citrix has found a vulnerability in the automatic update service of Citrix Workspace app for Windows in versions prior to 2006.1 or 1912 LTSR CU1.
Problem
In the Citrix update application prior to v2006.1 or 1912 LTSR CU1, there is a vulnerability that local users can exploit to elevate their privileges to local admin and possibly harm the system by installing software or malware. The vulnerability can be used remotely if SMB is enabled on the device.
Implication
Leaving the software unpatched would allow a user to exploit the vulnerability, elevate their privileges to local admin and make system-level changes. The vulnerability can be used remotely if SMB is enabled on the device.
Need
Citrix recommends installing the latest version of Citrix Workspace app for Windows and visiting its advisory page for more information.
For a brief overview:
For a detailed overview:
https://support.citrix.com/article/CTX277662
________________________________
Adobe Releases Security Updates for Adobe Bridge, Adobe Photoshop, Adobe Prelude, and Adobe Reader Mobile
Situation
Adobe has discovered and patched vulnerabilities in several of its products: Adobe Bridge, Adobe Photoshop, Adobe Prelude, and Adobe Reader Mobile.
Problem
Adobe has identified and patched vulnerabilities affecting Adobe Bridge, Adobe Photoshop, Adobe Prelude, and Adobe Reader Mobile. An attacker can exploit these vulnerabilities and take control of an affected system.
Implication
Failure to patch systems could result in loss of control of affected systems and possible compromise of system and network integrity.
Need
Adobe advises patching to the latest version of Adobe Bridge, Adobe Photoshop, Adobe Prelude, and Adobe Reader Mobile.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2020/07/22/adobe-releases-security-updates
For a detailed overview:
https://helpx.adobe.com/security.html
________________________________
Cisco Releases Security Updates for ASA and FTD Software
Situation
Cisco has discovered a vulnerability in its Adaptive Security Appliance software and its Firepower Threat Defense software that could allow an unauthenticated remote attacker to leak data from the affected devices.
Problem
A vulnerability in Cisco’s ASA and FTD systems could allow remote attackers to leak sensitive information, because URLs in HTTP requests from affected devices using Cisco AnyConnect or Cisco Web connect are not properly validated.
Implication
Unpatched systems are left vulnerable to this type of attack, which could lead to a leak of sensitive information, possibly including ASA or FTD system files, and may lead to further access.
Need
Cisco has released updates for its ASA and FTD platforms to address this issue and recommends updating as soon as possible.
For a brief overview:
For a detailed overview: