Security News

In a blog post published Thursday, Check Point described the method in which attackers exploited one of Oxford University's mail servers to send the initial email, abused an Adobe Campaign redirection tool, and then used a Samsung domain to take users to a Microsoft Office 365-themed phishing website. Most of the emails observed came from multiple addresses that belonged to legitimate subdomains from different departments at the University of Oxford.

Adobe this week announced that it has introduced a protected mode in Adobe Acrobat DC for Windows. The Protected Mode in Acrobat DC is aimed at ensuring addition layers of security are available for users, thus improving the protection of desktop environments from potentially malicious code.

Adobe Audition, got a fix for two critical CVEs, both of which allowed arbitrary code execution via an out-of-bounds write. The company also fixed three arbitrary code execution CVEs in Adobe Premiere Rush, a tool for creating videos and sharing them via social media.

A week after the June 2020 Patch Tuesday, Adobe has plugged more critical security holes in some of its well known graphic design and video and audio editing software. The company has also announced that it will be adding the Protected Mode feature to the Windows version of Adobe Acrobat DC. The security updates.

Adobe patched three flaws in Premiere Pro, another version of Adobe's video editing software that is more advanced than Adobe Premiere Rush. Adobe Premiere Pro versions 14.2 and earlier are affected; users are urged to update to version 14.3.

Adobe announced on Tuesday that it has patched 18 critical code execution vulnerabilities in its After Effects, Illustrator, Premiere Pro, Premiere Rush, and Audition products. Adobe fixed five critical out-of-bounds write, out-of-bounds read and heap overflow vulnerabilities that can be exploited for arbitrary code execution in the context of the targeted user.

Adobe on Tuesday announced the release of security updates for its Flash Player, Framemaker and Experience Manager products. In Flash Player, for which Adobe plans on providing security updates only until the end of the year, the company patched a critical use-after-free bug that can allow an attacker to execute arbitrary code in the context of the current user.

Adobe released patches for four critical flaws in Flash Player and in its Framemaker document processor as part of its regularly scheduled updates. In Tuesday's June Adobe security updates, critical flaws tied to three CVEs were patched in Adobe Framemaker, which is Adobe's application designed for writing and editing large or complex documents.

Adobe just published a foursome of very tight-lipped security notifications about new patches. The bulletin APSB20-26 actually came out last week, on Patch Tuesday, leaving a gap at -25, suggesting that at least the patch in bulletin APSB20-15 was prepared in time for Patch Tuesday but didn't make the final cut, perhaps to give it time for additional testing or tweaking.

Adobe informed customers on Tuesday that it has patched memory corruption vulnerabilities, including one that allows arbitrary code execution, in several of its products. All of the security flaws were reported to Adobe by researcher Mat Powell of Trend Micro's Zero Day Initiative.