Skip to main content
We are continuing to get a large number of reports of emails imitating Manx Telecom being sent to @manx.net addresses and are aware of over 35 subsequent account compromises.

Overview

Adobe have updated an advisory released in February, affecting Adobe Acrobat and Reader for Windows and MacOS. Successful exploitation could result in arbitrary code execution, application denial-of-service attacks, and memory leaks. CVE-2024-20726 is an out of bounds write vulnerability, while CVE-2024-20730 is an integer overflow or wraparound vulnerability. CVE-2024-30301 is a critical vulnerability affecting Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier; the ‘Use After Free’ vulnerability that could result in arbitrary code execution in the context of the current user, however exploitation of this issue requires user interaction in that a victim must open a malicious file.

Apache have released an announcement addressing CVE-2024-32114, which is affecting ActiveMQ versions 6.x prior to 6.1.2. In ActiveMQ the default configuration does not secure the API web context, meaning that anyone can use these layers without any required authentication.

Foxit have released a vulnerability report detailing CVE-2024-25575, which affects Foxit PDF Reader. Specifically crafted JavaScript code inside a malicious document to trigger the vulnerability, which can lead to memory corruption and result in remote code execution. Successful exploitation requires a user to open a malicious file or visit a website with malicious code embedded while the browser plugin extension is enabled.

Recommended Action

Organisations are encouraged to review the appropriate security advisory pages and apply the updates:

Adobe Security Bulletin

Apache Security Announcement

Foxit Vulnerability Report


If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.

Topics

  • Advisory
  • Vulnerability
  • Exploit
  • Patches and Updates