Adobe Digital Edition Information Disclosure Vulnerability (Mac OS X) Network Vulnerability

Summary

The host is installed with Adobe Digital Edition and is prone to information disclosure vulnerability.

Impact

Successful exploitation will allow attackers to gain access to potentially sensitive information when sniffing the network. Impact Level: Application.

Solution

Upgrade to Adobe Digital Edition version 4.0.1 or later. For updates refer to http://www.adobe.com/products/digital-editions/download.html

Insight

The flaw exists as sensitive data is insecurely transmitted to adelogs.adobe.com without any encryption.

Affected

Adobe Digital Edition version 4.0 on Mac OS X.

Detection

Get the installed version of Adobe Digital Edition with the help of detect NVT and check the version is vulnerable or not.

References

http://arstechnica.com/security/2014/10/adobes-e-book-reader-sends-your-reading-logs-back-to-adobe-in-plain-text
http://osvdb.com/113008
http://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-8068

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Tomcat Multiple Vulnerabilities-01 (Nov14)
Apple Safari libxml Denial of Service Vulnerability
Arora Common Name SSL Certificate Spoofing Vulnerability (Linux)
Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Windows)
Apple Safari Multiple Memory Corruption Vulnerabilities-02 Aug14 (Mac OS X)

Take action and discover your vulnerabilities