Adobe has recently announced that it has patched complex vulnerabilities in the Connect and Reader Mobile products. In the case of Connect products, two important-severity indicated cross-site scripting (XSS) problems – which could be exploited to execute the arbitrary JavaScript in the victim’s browser.
The company noted that the patches have been released to hosted services and should be available for various on-premises deployments.
Even in Adobe Reader Mobile, the company fixed a critical-severity unethical access control flaw. This issue could disclose sensitive data and information. However, Adobe is not aware of any cyber-attacks exploiting these flaws.
Source: SecurityWeek