Security News

Adobe on Tuesday released its first round of security updates for 2021, just as the company starts blocking Flash content. Adobe has patched a total of eight vulnerabilities across seven of its products, including Photoshop, Illustrator, Animate, Campaign Classic, InCopy, Captivate and Bridge.

The image is clickable and leads to Adobe's Flash Player EOL General Information Page where netizens are advised to uninstall Flash and fire it into the heart of the Sun. That page repeats Adobe's assertions that the likes of HTML5, WebGL, and WebAssembly "Have continually matured over the years and serve as viable alternatives for Flash content." Throw in the fact that "Major browser vendors are integrating these open standards into their browsers and deprecating most other plugins," and Adobe is content to let Flash become an ex-plugin.

Flash Player will reach its end of life (EOL) on January 1, 2021, after always being a security risk to those who have used it over the years. [...]

With the Flash Player officially reaching the end of life tomorrow, Adobe has started to display alerts on Windows computers recommending that users uninstall Flash Player. To help secure your system, Adobe will block Flash content from running in Flash Player beginning January 12, 2021.

After 24 years of fun games and abuse by threat actors, Adobe has released their final Flash Player update and thanked everyone for the fantastic content that they have released over the years. In the release notes for the final Flash Player 32 and AIR 32 released this Tuesday, Adobe thanks all the developers and customers for the amazing Flash content they have created over the last two decades.

Adobe has released security updates to address critical severity security bugs affecting Windows and macOS versions of Adobe Lightroom and Adobe Prelude. In total, the company addressed four security vulnerabilities affecting three products, three of them rated as critical and one as an important severity bug in Adobe Experience Manager and the AEM Forms add-on package.

For December's Patch Tuesday bug bonanza, Microsoft handed out fixes for a mere 58 vulnerabilities while various other orgs addressed shortcomings in their own software in separate, parallel announcements. In a post on Monday to a Kubernetes mailing list, Apple software engineer Tim Allclair, a member of the Kubernetes Product Security Committee, outlined a medium severity bug by which an individual with the ability to create or edit services and pods could intercept traffic from other pods/nodes in the cluster.

Adobe Systems has stomped out critical-severity flaws across its Adobe Prelude, Adobe Experience Manager and Adobe Lightroom applications. This month's Adobe patch roundup included a critical cross-site scripting vulnerability in Adobe Experience Manager, the company's content-management solution for building websites, mobile apps and forms.

Adobe on Tuesday announced that security updates for its Prelude, Experience Manager and Lightroom products patch critical arbitrary code execution vulnerabilities. In the Windows and macOS versions of the Prelude video logging and ingest tool, Adobe fixed a critical uncontrolled search path issue that can lead to arbitrary code execution in the context of the targeted user.

Adobe on Tuesday informed customers that it has patched vulnerabilities in its Reader Mobile and Connect products, but none of them appears too serious. The company says the patches are already being rolled out to hosted services and they should become available for on-premises deployments later this week.