Alert Level: LOW

Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER:

2021-025

DATE(S) ISSUED:

02/10/2021

OVERVIEW:

Multiple vulnerabilities have been discovered in Adobe Products, the most severe of which could allow for arbitrary code execution.

• Photoshop is Adobe’s flagship image editing software.
• Acrobat is a family of application software and Web services mainly used to create, view and edit PDF documents.
• Illustrator is a vector graphics editor and design program.
• Animate is a multimedia authoring and computer animation program.
• Dreamweaver is used to develop and design websites.
• Magento is a leading provider of cloud commerce innovation to merchants and brands across B2C and B2B industries.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution

Ubuntu Security Advisory

Number: AV21-065
Date: 8 February 2021

On 5 February 2021 Ubuntu released Security Notices to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 14.04 ESM

Exploitation of these vulnerabilities could result in denial-of-service, data modification or access to sensitive information.

The Cyber Centre encourages users and administrators to review the following web links and apply the necessary updates.

Ubuntu Security Notice (USN-4711-1)
https://ubuntu.com/security/notices/USN-4711-1
Ubuntu Security Notices
https://ubuntu.com/security/notices

A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER:

2021-022

DATE(S) ISSUED:

02/05/2021

OVERVIEW:

A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the vulnerability could have less impact than if it was configured with administrative rights.
A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution

Google Chrome Security Advisory

On 2 February 2021 Google published a Security Advisory to address vulnerabilities in the following product:
Chrome for Desktop – versions prior to 88.0.4324.146
Stable Channel Update for Desktop

SonicWall Security Advisory

On 1 February 2021 SonicWall published an Alert to address a vulnerability in the following product:

Secure Mobile Access (SMA) 100 series – version 10.x
Urgent Patch Available for SMA 100 Series 10.x Firmware Zero-Day Vulnerability [Updated Feb. 3, 2 P.M. CST]

• HackTool:Win32/AutoKMS
• HackTool:Win64/AutoKMS
• Trojan:Win32/CryptInject!ml
• HackTool:Win32/Keygen
• HackTool:MSIL/AutoKms

Emotet
Kovter
ZeuS
NanoCore
Cerber
Gh0st
CoinMiner
Trickbot
WannaCry
Xtrat