Security News

Adobe has patched a critical arbitrary code execution vulnerability in Flash Player. "Successful exploitation could lead to an exploitable crash, potentially resulting in arbitrary code execution in the context of the current user," Adobe explained in its advisory.

Adobe has released a security update for a critical remote code execution vulnerability in Adobe Flash Player that could be exploited by simply visiting a website. Adobe Flash has long been a source of security vulnerabilities that allow attackers to install malware, execute commands, and takeover of computers when visiting malicious websites.

Adobe is suffering a 'major' outage that prevents users from logging in to Creative Cloud or accessing their subscribed applications or stored data. Since approximately 9:30 a.m EST, Adobe Creative Cloud users have reported difficulty logging into the service or accessing saved images and data.

Adobe on Tuesday informed customers that it has patched a total of 18 vulnerabilities across its Experience Manager, FrameMaker and InDesign products. In its InDesign design and publishing product, Adobe fixed five critical memory corruption bugs that can allow an attacker to execute arbitrary code in the context of the targeted user.

The cross-site scripting flaws could allow attackers to execute JavaScript in targets' browsers. Including Adobe Experience Manager, Adobe fixed 18 flaws as part of its regularly scheduled September updates.

Adobe has made available in open source a tool designed to identify randomly generated strings in any plain text. Dubbed Stringlifier, the tool was written in Python and leverages machine learning to differentiate random character sequences from normal text sequences.

Patch Tuesday used to be Microsoft's day to release patches. Patch watchers at the Zero Day Initiative said that, including the 120 product security bulletins posted this August, Microsoft is just 11 patches away from surpassing its 2019 full-year total with four months still to go in 2020.

Adobe has plugged 11 critical security holes in Acrobat and Reader, which if exploited could allow attackers to remotely execute code or sidestep security features in the app. As part of its regularly scheduled security updates, Tuesday, Adobe fixed critical- and important-severity flaws tied to 26 CVEs - all stemming from its popular Acrobat and Reader document-management application - as well as one important-severity CVE in Adobe Lightroom, which is its image manipulation software.

Adobe on Tuesday informed customers that it has patched 26 vulnerabilities in its Acrobat and Reader products, including 11 critical flaws that can be exploited to bypass security features and for arbitrary code execution. The remaining two critical vulnerabilities can allow an attacker to bypass security features.

A week after July 2020 Patch Tuesday, Adobe has released out-of-band security updates to fix thirteen vulnerabilities - twelve of which critical - in Adobe Photoshop, Bridge, Prelude, and Reader Mobile. The Adobe Photoshop updates deliver fixes for Photoshop CC 2019 and Photoshop 2020 on Windows and macOS, which resolve five critical out-of-bounds read/write issues that could lead to arbitrary code execution.