Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API

Cisco Talos’ Vulnerability Research team discovered two vulnerabilities that have been disclosed and fixed over the past few weeks.

Talos discovered a time-of-check time-of-use vulnerability in Adobe Acrobat Reader, one of the most popular PDF readers currently available, and an information disclosure vulnerability in the Microsoft Windows AllJoyn API. 

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org. Our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.

Microsoft AllJoyn API information disclosure vulnerability 

The AllJoyn API in some versions of the Microsoft Windows operating system contains an information disclosure vulnerability.

TALOS-2024-1980 (CVE-2024-38257) could allow an adversary to view uninitialized memory on the targeted machine. 

AllJoyn is a DCOM-like framework for creating method calls or sending one-way signals between applications on a distributed bus. It is primarily used in internet-of-things (IoT) devices to tell the devices to perform certain tasks, like turning lights on or off or reading the temperature of a space.

Microsoft fixed this issue as part of its monthly security update on Tuesday. For more on Patch Tuesday, read Talos’ blog here.

CVE-2024-38257 is considered “less likely” to be exploited, though it does not require any user interaction or user privileges.   

Adobe Acrobat Reader annotation object page race condition  

Discovered by KPC. 

Adobe Acrobat Reader, one of the most popular pieces o ..
