Every day, nearly 70 brand-new vulnerabilities are discovered in software products around the world.
In the 100 most prevalent unpatched vulnerabilities, the majority are found in software by Adobe, Zoom, and Mozilla.
One critical vulnerability was close: CVE-2020-9633 in Adobe Flash Player.
Read on to see details of the top 5 unpatched critical vulnerabilities and the top 5 unpatched important vulnerabilities, as uncovered by ThreatDown, powered by Malwarebytes.
CVE-2020-9633: Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and earlier have a use after free vulnerability.
Installing a more recent version eliminates this vulnerability.
Upgrading to 5.15.5 or later eliminates this vulnerability.
Upgrading to version 5.15.0 or later eliminates this vulnerability.
Upgrading to version 5.15.2 or later eliminates this vulnerability.
CVE-2023-29320: Adobe Acrobat Reader versions 23.003.20244 and 20.005.30467 are affected by a Violation of Secure Design Principles vulnerability that could result in arbitrary code execution in the context of the current user by bypassing the API blacklisting feature.
Updating to the latest version eliminates the vulnerability.
CVE-2020-26664: A vulnerability in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a specially crafted file.
A buffer overflow is a type of software vulnerability that occurs when a write to an area of memory within a software application runs past that area's address boundary and into an adjacent memory region.
Installing the 3.0.20 release of VLC eliminates the vulnerability.
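The version thresholds quoted above can be turned into an inventory check. The sketch below is an added example, not code from Malwarebytes or ThreatDown; the product keys, host names and inventory rows are constructed, and treating every VLC build below 3.0.20 as needing the update is an assumption (the article names only 3.0.11 as affected).

```python
# Added example: flag inventory rows that fall in the version ranges quoted in the article.

def parse_version(text):
    """Turn '32.0.0.371' into (32, 0, 0, 371) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.strip().split("."))

def pad(a, b):
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)), b + (0,) * (width - len(b))

def at_or_below(version, ceiling):
    v, c = pad(parse_version(version), parse_version(ceiling))
    return v <= c

def below(version, fixed):
    v, f = pad(parse_version(version), parse_version(fixed))
    return v < f

# Hypothetical product keys mapped to (CVE from the article, affected-version test).
# VLC rule is an assumption: anything older than the 3.0.20 release is flagged.
RULES = {
    "flash-desktop": ("CVE-2020-9633", lambda v: at_or_below(v, "32.0.0.371")),
    "flash-chrome": ("CVE-2020-9633", lambda v: at_or_below(v, "32.0.0.371")),
    "flash-edge-ie": ("CVE-2020-9633", lambda v: at_or_below(v, "32.0.0.330")),
    "vlc": ("CVE-2020-26664", lambda v: below(v, "3.0.20")),
}

def audit(inventory):
    """Return (host, product, version, finding) for every row that needs attention."""
    findings = []
    for host, product, version in inventory:
        if product not in RULES:
            continue
        cve, affected = RULES[product]
        try:
            if affected(version):
                findings.append((host, product, version, cve))
        except ValueError:
            # Fail closed: a version we cannot parse is reported, not skipped.
            findings.append((host, product, version, "UNPARSEABLE"))
    return findings

INVENTORY = [  # constructed sample rows
    ("ws-01", "flash-desktop", "32.0.0.371"),
    ("ws-03", "flash-edge-ie", "32.0.0.98"),   # a string compare would rank "98" above "330"
    ("ws-04", "vlc", "3.0.11"),
    ("ws-05", "vlc", "3.0.20"),
    ("ws-06", "vlc", "3.0.x-nightly"),
]
```

Comparing the raw strings would miss the `ws-03` row, which is why each component is converted to an integer before comparison.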
The exploitation of the MOVEit vulnerability by Cl0p ransomware operators impacted over 60 million individual victims database, which lists publicly disclosed computer security flaws.
This is where dedicated software to alert staff about existing vulnerabilities in their environment integrated with patch management capabilities can help save the day.
Today Malwarebytes announced that it is offering customers its ThreatDown Vulnerability Assessment solution at no extra cost to help reduce attack surfaces and improve their security posture.
Full-featured, comprehensive vulnerability scanning is now included in every ThreatDown Bundle at no additional cost via its integrated console.
Learn more about how ThreatDown bundles can help you to improve your security by quickly finding and fixing vulnerabilities here.
Keep vulnerabilities in tow by using ThreatDown Vulnerability and Patch Management.
This Cyber News was published on www.malwarebytes.com. Publication date: Mon, 11 Dec 2023 10:43:06 +0000