One of the factors contributing to the rise of cyber attacks is the use of third-party services. While these services appear to be a convenient means of running processes at various organizations, particularly startups, they also pose a risk to the integrity of the users' systems. Recently, researchers discovered a problem of this kind. Allegedly, they found numerous Adobe Sandbox vulnerabilities that affected one of the users of the service.
Adobe Sandbox Vulnerabilities Discovered
Researchers at Swascan have discovered multiple Adobe Sandbox vulnerabilities that posed a serious threat to users. As disclosed in their blog post, the Swascan team found as many as five different security vulnerabilities in the service.
Reportedly, the cybersecurity team at Swascan came across the flaws during a security analysis for a European media firm. In the course of that analysis, they noticed that the vulnerabilities they observed actually existed due to Adobe Sandbox.
“most of the vulnerabilities and exposures we had found were depending on a third-party service: Adobe, and its Sandbox Service which our customer bought for its own internal use.”
Allegedly, what they discovered included two high-severity flaws, two medium-severity vulnerabilities, and a single low-severity vulnerability. If exploited, these vulnerabilities threatened the integrity and confidentiality of the systems.
Adobe Patched The Flaws
Upon finding the vulnerabilities, the Swascan team got in touch with Adobe PSIRT to have the flaws patched. As revealed, Adobe patched the flaws while Swascan remained in close collaboration with the vendor. While they haven’t disclosed the technical details of the flaws, they did appreciate Adobe’s response to their report. They also emphasized the importance of such collaboration between cybersecurity experts and software vendors.
“CERTs and PSIRTs they do play an highly critical, important role in the security ecosystem of nowadays digital world.”
Certainly, vendors' vigilance and interest in patching vulnerabilities are imperative to avoid cyber attacks. We already know of breaches and cyber attacks that took place merely because of the negligence of vendors.