Security News

Adobe has fixed critical-severity flaws tied to four CVEs in the Windows and macOS versions of its Acrobat and Reader family of application software services. These critical flaws include a heap-based buffer overflow, out-of-bounds write glitch and two use-after free flaws.

Adobe has released security updates to address critical severity vulnerabilities affecting Adobe Acrobat and Reader for Windows and macOS that could enable attackers to execute arbitrary code on vulnerable devices. Adobe categorized the security updates as priority 2 updates which means that they address vulnerabilities with no public exploits in products that have "Historically been at elevated risk."

Adobe announced on Monday that it has appointed Mark Adams as its new chief security officer. Adams will report to Abhay Parasnis, Adobe's chief technology officer, and he will be responsible "For security-related decisions across the company, leading the teams responsible for the security of Adobe's infrastructure, products and services, as well as teams dedicated to security incident response and communications."

Worse still, Flash bugs seemed to show up very frequently as zero-days, the jargon term for exploitable security holes that are found by attackers before a patch is available, thus leaving even the most disciplined and swift-acting system administrators with zero days during which they could have been ahead of the crooks. If anything showed that Adobe's heart hasn't really been in Flash for many years, it was the story of how Apple banned Flash from the iPhone in 2010.

Microsoft has released the KB4577586 update to remove Adobe Flash from Windows and prevents it from being installed again. In September 2020, Microsoft announced that an optional update would be released in the fall to uninstall Adobe Flash Player and prevent it from being installed again on the same device.

Adobe has released 18 out-of-band security patches in 10 different software packages, including fixes for critical vulnerabilities that stretch across its product suite. There are 16 critical bugs, all of which allow arbitrary code execution in the context of the current user.

Adobe on Tuesday announced that it has released security updates for 10 of its products, patching a total of 20 vulnerabilities. In the Windows and macOS versions of Illustrator, Adobe fixed 7 critical vulnerabilities that can lead to arbitrary code execution in the context of the current user.

Adobe has released security updates to address critical vulnerabilities affecting ten of its Windows and macOS products that could allow attackers to execute arbitrary code on devices running vulnerable software versions. Adobe has released a security update for Adobe InDesign that fixes an Uncontrolled Search Path vulnerability in the Creative Cloud Desktop Application installer for Windows that could lead to arbitrary code execution.

Adobe last week patched a total of nine vulnerabilities in its Magento e-commerce platform, including two critical issues. The vulnerabilities rated critical have been described as a "File upload allow list bypass" that can lead to arbitrary code execution, and an SQL injection flaw that can provide an attacker read or write access to the targeted store's database.

The flaw stems from a NULL Pointer Dereference error and plagues the Windows, macOS, Linux and ChromeOS versions of Adobe Flash Player. Adobe is warning of a critical vulnerability in its Flash Player application for users on Windows, macOS, Linux and ChromeOS operating systems.