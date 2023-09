By

Adobe tsis ntev los no tau tshaj tawm kev ruaj ntseg hloov tshiab los daws qhov teeb meem xoom-hnub hauv nws daim ntawv thov Acrobat thiab Reader. Qhov tsis zoo, lub npe hu ua CVE-2023-26369, tau siv rau hauv kev tawm tsam tsawg thiab tuaj yeem cuam tshuam rau Windows thiab macOS systems.

Qhov teeb meem kev ruaj ntseg tseem ceeb tso cai rau cov neeg tawm tsam kom tau txais kev ua tiav code los ntawm kev siv qhov kev sau ntawv tsis muaj zog. Txawm hais tias kev tawm tsam tsis yooj yim tuaj yeem ua tiav yam tsis tas yuav tsum muaj cai, nws yog ib qho tseem ceeb uas yuav tsum nco ntsoov tias qhov tsis zoo tsuas yog siv los ntawm cov neeg tawm tsam hauv zos thiab yuav tsum muaj kev sib cuam tshuam nrog cov neeg siv.

Hauv kev teb rau qhov hnyav ntawm qhov teeb meem, Adobe tau faib CVE-2023-26369 nrog qhov ntsuas qhov tseem ceeb tshaj plaws. Lub tuam txhab qhia tawm tswv yim rau cov thawj coj kom txhim kho kev ruaj ntseg hloov tshiab sai li sai tau, qhov zoo tshaj plaws hauv 72-teev lub qhov rais.

Cov khoom raug cuam tshuam muaj xws li Acrobat DC, Acrobat Reader DC, Acrobat 2020, thiab Acrobat Reader 2020. Rau ib daim ntawv teev tag nrho ntawm cov kev cuam tshuam, thov mus saib cov lus hauv thawj tsab xov xwm.

Tsis tas li ntawd, Adobe tseem tau hais txog ntau yam kev ruaj ntseg tsis zoo niaj hnub no. Cov kev tsis zoo no cuam tshuam rau Adobe Connect thiab Adobe Experience Manager software thiab tuaj yeem tso cai rau cov neeg tawm tsam kom tau txais kev ua txhaum cai. Cov vulnerabilities, hu ua CVE-2023-29305, CVE-2023-29306, CVE-2023-38214, thiab CVE-2023-38215, tuaj yeem raug siv los ua kom muaj kev cuam tshuam txog kev sib sau ua ke (XSS). Hom kev tawm tsam no tuaj yeem siv los nkag mus rau cov ntaub ntawv rhiab xws li ncuav qab zib thiab kev sib tham tokens khaws cia los ntawm lub hom phiaj web browsers.

Nws yog ib qho tseem ceeb rau cov neeg siv ntawm Adobe software kom ceev faj thiab tam sim ntawd nruab qhov tsim nyog kev ruaj ntseg hloov tshiab los tiv thaiv lawv lub cev los ntawm kev hem thawj.

Cov Ntsiab Lus:

- Zero-day vulnerability: Ib qho kev ruaj ntseg uas tsis paub rau tus neeg muag khoom software thiab tuaj yeem siv los ntawm cov neeg tawm tsam ua ntej thaj chaw lossis kho.

- Kev ua tiav Code: Lub peev xwm los khiav cov cai tswj hwm ntawm lub hom phiaj, muaj peev xwm tso cai rau tus neeg tawm tsam los tswj hwm lub system.

- Tawm-ntawm-kawg sau tsis muaj zog: Ib qho kev ua yuam kev uas tso cai rau tus neeg tawm tsam sau cov ntaub ntawv sab nraud ntawm ib thaj tsam ntawm qhov chaw nco tshwj xeeb, uas ua rau muaj kev ua txhaum cai phem.

- Hla-site scripting (XSS): Ib hom kev ruaj ntseg tsis zoo uas tso cai rau cov neeg tawm tsam los txhaj cov ntawv tsis zoo rau hauv cov nplooj ntawv web saib los ntawm cov neeg siv, uas ua rau muaj kev nyiag ntawm cov ntaub ntawv rhiab heev.

Qhov chaw:

- Adobe Security Advisory:

- Cov Vulnerability Scoring System v3.1 (CVSS v3.1):