Content

Adobe patches flaw in LiveCycle Data Services

A hotfix released by Adobe on Tuesday addresses a vulnerability (CVE-2015-3269) in LiveCycle Data Services that could lead to information being disclosed.

The updated versions are 4.7.0.354169, 4.6.2.354169, 4.5.1.354169, and 3.0.0.354170 for Windows, Macintosh and Unix. Adobe rates the fix as a priority 3 update, which means the company recommends administrators install the update at their discretion. Priority 1 and 2 rated patches require faster action.

The vulnerability is associated with parsing crafted XML entities, which could lead to information being disclosed, Adobe said on its site.

“We are not currently aware of any reports of this vulnerability being exploited,” Adobe spokesperson Erika Strong told SCMagazine.com Tuesday in an email correspondence. “This issue was responsibly disclosed to Adobe.”

Adobe credited Matthias Kaiser of Code White for bringing the issue to the company's attention.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds