Adobe News, Articles and Updates

Top security flaws move to Microsoft from Adobe

Hackers more likely to use cryptocurrency mining malware than an exploit kit, report says. Malware campaigns have shifted focus onto Microsoft and cryptocurrency mining rather than using flaws in Adobe Flash and exploit kits.

Patch Tuesday: Adobe patches 7 critical flaws

Patch Tuesday Adobe included updates for Adobe Flash Player, Adobe Connect, and Adobe Dreamweaver with seven critical vulnerabilities.

Adobe ReaderDC arbitrary code execution vulnerability found

Cisco Talos has made public a new vulnerability in Adobe ReaderDC that if exploited can lead to arbitrary code execution.

Microsoft Patch Tuesday: Nearly 50 patches, most for privilege escalation

Microsoft patched nearly 50 vulnerabilities this month, including patches for an Adobe Flash Player zero-day vulnerability that was announced earlier this month.

Adobe Patch Tuesday patches issues in Acrobat, Reader & Experience manager

Adobe's Patch Tuesday updates included security updates for Adobe Acrobat and Reader for Windows and Macintosh to address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Desperately needed fix for Flash Player bug exploitation released by Adobe

Adobe Systems today released a critical security update for a pair of vulnerabilities in Flash Player, one of which has been actively exploited in phishing attacks attributed to North Korean APT actor Group 123.

Attackers exploit critical Adobe Flash Player zero-day bug; no patch yet

Adobe Systems says it plans to address a critical zero-day vulnerability in Flash Player that a researcher asserts is being actively exploited in the wild to attack South Koreans conducting research on North Korea.

New and old Windows vulnerabilities top Alienvault list

Adobe's Flash Player may gain a lot of negative headlines, but when it comes to the most frequented targeted software Microsoft Office and Windows beat out the much maligned Adobe software.

Patch Tuesday: Adobe issues lone patch for Flash Player

The first patch Tuesday of 2018 has Adobe issuing its first patch for the new year, a lone entry for Flash Player rated as "important".

Turla cyber-espionage group fakes Adobe to drop malware on embassies

Cyber-espionage group Turla is reported to be targetting embassies and consulates in the post-Soviet states using a new tool to dupe potential victims into installing malware to exfiltrate data.

Adobe Patch Tuesday: 62 vulnerabilities for Acrobat, 5 critical for Flash

Adobe's November Patch Tuesday included 83 patches, including fixes for five critical-rated issues in Flash Player. Reader and Acrobat, by themselves, generated more than five dozen CVEs.

Did Israel deliver spyware using Adobe Flash 0-day in Word document?

A new Adobe Flash zero day exploit has been identified, reportedly used in an attack on 10 October by a threat actor known as BlackOasis and delivered through a Microsoft Word document to deploy the FinSpy commercial spyware.

Adobe Patch Tuesday: Flash Player with two critical updates

Adobe issued a light load of Patch Tuesday security updates today releasing only eight, with five rated critical with two of these affecting Flash Player.

Patched Acrobat Reader heap overflow flaw could result in remote code execution

One of the vulnerabilities patched in Adobe's most recent software update was a flaw in the JPEG decoder and parser of Adobe Acrobat Reader, which could have been exploited to execute code remotely.

Adobe to pay $1M for breach

Adobe will be paying $12 million to 15 states to settle a breach claim.

Adobe patches flaw in ColdFusion that opens apps up to attack

A security researcher has disclosed a number of vulnerabilities in Adobe software following the issuing of a hotfix for a problem with Adobe's ColdFusion

Adobe issued hotfix for critical information disclosure vulnerability in ColdFusion

Adobe has released security hotfixes for a critical information disclosure vulnerability that exists in ColdFusion versions 10 and 11, across all platforms.

Zerodium puts out $100,000 contract on Flash's heap isolation

The bug bounty broker Zerodium has offered big bucks to whoever can crack Flash's recent heap isolation security update.

Adobe issues new batch of patches

Another emergency patch to guard against exploits in the wild

Facebook ditches Flash videos to boost security

Facebook has ditched insecure Flash in favour of HTML5 for all its videos but will still use Flash in games, and is working with Adobe to secure technology.

Patch madness! 273 vulnerabilities from four vendors in one week

When it comes to fixing vulnerabilities, this week will be hard to beat with just four vendors issuing a total of 273 patches. The big question is does that mean we are getting more, or less, secure?

Adobe Shockwave Player update addresses critical vulnerability

Adobe on Tuesday released a security update for Shockwave Player that addresses a critical memory corruption vulnerability.

Update: Security expert warns users against Flash Player

Brian Krebs, the mastermind behind Krebs on Security, has expressed doubts about Adobe's Flash, despite recent patches

Adobe patches flaw in LiveCycle Data Services

Adobe released a hotfix for LiveCycle Data Services, patching a vulnerability that could result in information being disclosed.

Adobe updates Flash Player and AIR, fixes 35 bugs

Adobe's Flash Player and AIR updates fix 35 bugs, the majority of which could lead to code execution.