Chemical Safety Incidents
Adobe Fixes Connect Hole
Tuesday, May 31, 2016 @ 04:05 PM gHale
Adobe released a patch last week for its Connect web conferencing software.
The fix takes care of some two dozen functionality bugs and one security flaw.
The vulnerability, tracked as CVE-2016-4118, affects Adobe Connect 9.5.2 and earlier for Windows. The flaw has a priority rating of 3 because Connect is a product attackers do not usually target.
The vulnerability is an untrusted search path issue affecting the Connect add-in installer. Attackers exploit the vulnerability to launch DLL loading attacks.
Adobe fixed the hole with the release of Adobe Connect 9.5.3. Adobe advises administrators to install the update at their discretion.