Adobe Digital Editions user data leakage Vulnerability
Release date:
Updated on:
Affected Systems:
Adobe Digital Editions 4.x
Description:
CVE (CAN) ID: CVE-2014-8068
Adobe Digital Editions is A software for reading and managing e-books and other Digital publications. It supports industrial standard e-books, such as PDF/A and EPUB.
Adobe Digital Editions 4.0 does not encrypt data sent to adelogs.adobe.com, which allows remote attackers to obtain sensitive information after stealing the network.
<* Source: Nate Hoffelder
Link: http://secunia.com/advisories/61551/
*>
Suggestion:
Vendor patch:
Adobe
-----
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.adobe.com/cn/products/digital-editions.html
Adobe:
Http://twitter.com/AdobeSecurity/statuses/519826275008282624
Nate Hoffelder:
Http://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries
This article permanently updates the link address: