Adobe has recently announced that it has patched critical vulnerabilities in the Reader Mobile and Connect products. In Connect products, two important-severity indicated cross-site scripting (XSS) issues. They could be exploited to execute the arbitrary JavaScript within the victim’s browser.
The company noted that the patches have been released to hosted services and should be available for different on-premises deployments.
Read More: 4 Ways to Maximize your Security Budget amidst the Economic Downturn
Even in the Adobe Reader Mobile, the company fixed an important-severity unethical access control flaw – which could disclose sensitive data and information. However, Adobe is not aware of any cyber-attacks exploiting these flaws.
Source: securityweek