Security News > 2022 > April > Adobe Creative Cloud Experience makes it easier to run malware

Adobe Creative Cloud Experience, a service installed via the Creative Cloud installer for Windows, includes a Node.js executable that can be abused to infect and compromise a victim's PC. Michael Taggart, a security researcher, recently demonstrated that the node.

"I have confirmed that the node.exe packaged with the Adobe Customer Experience service can run any JavaScript you point it to," he explained to The Register.

An Adobe customer posting to the Adobe Support Community post in February notes, "My protection program on my PC detected the folder Adobe Creative Cloud Experience, e.g. node.exe, as security risk." The advice given is to simply ignore the warnings.

Then there's a post from December, 2021, in which an Adobe customer inquires about Malwarebytes security software detecting a suspicious outbound connection from the node.

Exe in other Adobe applications like Photoshop has also elicited concern from those presented with warnings about the executable from their security applications.

The Register asked Adobe whether it considers the ability to run unsigned code systems via Creative Cloud Experience's node.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/04/07/adobe_cloud_malware/