Security News
Adobe released a slew of patches for critical vulnerabilities Tuesday that were part of an out-of-band security update. Several of the critical flaws are tied to Adobe's popular Photoshop photo-editing software and allow adversaries to execute arbitrary code on targeted Windows devices.
Adobe has released its scheduled July 2020 security updates, covering flaws in five different product areas: Creative Cloud Desktop; Media Encoder; Download Manager; Genuine Service; and ColdFusion. "Updates to both Adobe Download Manager and Media Encoder address critical vulnerabilities that could lead to arbitrary code execution," Justin Knapp, product marketing manager at Automox, told Threatpost.
Adobe has patched over a dozen vulnerabilities in its Creative Cloud, Media Encoder, Genuine Service, ColdFusion and Download Manager products. In the Windows version of Download Manager, Adobe fixed a critical command injection issue that could lead to arbitrary code execution, the company said in an advisory.
Adobe today released software updates to patch a total of 13 new security vulnerabilities affecting 5 of its widely used applications. According to the advisory, the other three important flaws in this Adobe software are privilege escalation issues.
Adobe today released software updates to patch a total of 13 new security vulnerabilities affecting 5 of its widely used applications. According to the advisory, the other three important flaws in this Adobe software are privilege escalation issues.
With Flash Player's Dec. 31, 2020 kill date quickly approaching, Adobe said that it will start prompting users to uninstall the software in the coming months. In a new post on its Adobe Flash Player EOL information page, Adobe said that after Dec. 31, it will freeze updates for Flash, remove Flash Player download links from its website, and block Flash-based content from running in Adobe Flash Player.
In a blog post published Thursday, Check Point described the method in which attackers exploited one of Oxford University's mail servers to send the initial email, abused an Adobe Campaign redirection tool, and then used a Samsung domain to take users to a Microsoft Office 365-themed phishing website. Most of the emails observed came from multiple addresses that belonged to legitimate subdomains from different departments at the University of Oxford.
Adobe this week announced that it has introduced a protected mode in Adobe Acrobat DC for Windows. The Protected Mode in Acrobat DC is aimed at ensuring addition layers of security are available for users, thus improving the protection of desktop environments from potentially malicious code.
Adobe Audition, got a fix for two critical CVEs, both of which allowed arbitrary code execution via an out-of-bounds write. The company also fixed three arbitrary code execution CVEs in Adobe Premiere Rush, a tool for creating videos and sharing them via social media.
A week after the June 2020 Patch Tuesday, Adobe has plugged more critical security holes in some of its well known graphic design and video and audio editing software. The company has also announced that it will be adding the Protected Mode feature to the Windows version of Adobe Acrobat DC. The security updates.