Adobe Fixes Connect Hole

Tuesday, May 31, 2016 @ 04:05 PM gHale


Adobe released a patch last week for its Connect web conferencing software.

The fix takes care of some two dozen functionality bugs and one security flaw.

RELATED STORIES
Patched Flash Hole in Exploit Kit
Flash Zero Day Patched
Adobe Patches Flaw in Flash Library
Adobe Fixes Flash Zero Day

The vulnerability, tracked as CVE-2016-4118, affects Adobe Connect 9.5.2 and earlier for Windows. The flaw has a priority rating of 3 because Connect is a product attackers do not usually target.

The vulnerability is an untrusted search path issue affecting the Connect add-in installer. Attackers exploit the vulnerability to launch DLL loading attacks.

Adobe fixed the hole with the release of Adobe Connect 9.5.3. Adobe advises administrators to install the update at their discretion.