Security News

Adobe has released security updates to address critical vulnerabilities affecting ten of its Windows and macOS products that could allow attackers to execute arbitrary code on devices running vulnerable software versions. Adobe has released a security update for Adobe InDesign that fixes an Uncontrolled Search Path vulnerability in the Creative Cloud Desktop Application installer for Windows that could lead to arbitrary code execution.

Adobe last week patched a total of nine vulnerabilities in its Magento e-commerce platform, including two critical issues. The vulnerabilities rated critical have been described as a "File upload allow list bypass" that can lead to arbitrary code execution, and an SQL injection flaw that can provide an attacker read or write access to the targeted store's database.

The flaw stems from a NULL Pointer Dereference error and plagues the Windows, macOS, Linux and ChromeOS versions of Adobe Flash Player. Adobe is warning of a critical vulnerability in its Flash Player application for users on Windows, macOS, Linux and ChromeOS operating systems.

Adobe has patched a critical arbitrary code execution vulnerability in Flash Player. "Successful exploitation could lead to an exploitable crash, potentially resulting in arbitrary code execution in the context of the current user," Adobe explained in its advisory.

Adobe has released a security update for a critical remote code execution vulnerability in Adobe Flash Player that could be exploited by simply visiting a website. Adobe Flash has long been a source of security vulnerabilities that allow attackers to install malware, execute commands, and takeover of computers when visiting malicious websites.

Adobe is suffering a 'major' outage that prevents users from logging in to Creative Cloud or accessing their subscribed applications or stored data. Since approximately 9:30 a.m EST, Adobe Creative Cloud users have reported difficulty logging into the service or accessing saved images and data.

Adobe on Tuesday informed customers that it has patched a total of 18 vulnerabilities across its Experience Manager, FrameMaker and InDesign products. In its InDesign design and publishing product, Adobe fixed five critical memory corruption bugs that can allow an attacker to execute arbitrary code in the context of the targeted user.

The cross-site scripting flaws could allow attackers to execute JavaScript in targets' browsers. Including Adobe Experience Manager, Adobe fixed 18 flaws as part of its regularly scheduled September updates.

Adobe has made available in open source a tool designed to identify randomly generated strings in any plain text. Dubbed Stringlifier, the tool was written in Python and leverages machine learning to differentiate random character sequences from normal text sequences.

Patch Tuesday used to be Microsoft's day to release patches. Patch watchers at the Zero Day Initiative said that, including the 120 product security bulletins posted this August, Microsoft is just 11 patches away from surpassing its 2019 full-year total with four months still to go in 2020.