Security News

Adobe released security patches for vulnerabilities in its ColdFusion, After Effects and Digital Editions applications. Overall Adobe patched flaws tied to five CVEs as part of its regularly scheduled security updates, Tuesday.

Adobe has patched five vulnerabilities in its ColdFusion, After Effects and Digital Editions products, but none of the flaws appears too serious. In ColdFusion 2016 and 2018, Adobe addressed three important-severity vulnerabilities related to insufficient input validation, DLL hijacking, and improper access control.

Adobe unveiled the Adobe Digital Economy Index, the first real-time barometer of the digital economy, which analyzes trillions of online transactions across 100 million product SKUs in 18 product categories. Growing at a faster pace than the economy as a whole, the digital economy has never been more important than during the COVID-19 pandemic as consumers and businesses across the globe grapple with a digital-only reality.

Adobe has released another security patch outside of its usual routine this month to deal with a strange bug that can allow attackers to delete victims' files. Creative Cloud is a subscription-based service that lets users access its range of creative software products from Adobe online, and to use some cloud-based services that support them.

Adobe has issued a patch for a critical flaw that can be exploited to delete files from Windows computers running the Creative Cloud client. "Successful exploitation could lead to arbitrary File Deletion in the context of the current user," Adobe said in its bulletin today.

Creative Cloud acts as a central console for desktop users to quickly launch, manage and update their Adobe apps, such as Photoshop, Acrobat, Illustrator and more. "Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin."

A critical vulnerability patched on Tuesday by Adobe in its Creative Cloud desktop application can be exploited by hackers to delete arbitrary files. Adobe Creative Cloud is a set of applications and services used for video editing, graphic design, photography and web development.

Microsoft informed customers on Monday that it's working on patches for two Windows zero-day vulnerabilities that can be exploited for remote code execution. According to Microsoft, the vulnerabilities exist due to the way the Windows Adobe Type Manager library handles a "Specially-crafted multi-master font - Adobe Type 1 PostScript format."

On the second day of the Pwn2Own 2020 hacking competition, participants earned a total of $90,000 for exploits targeting Oracle VirtualBox, Adobe Reader and Windows. Amat Cama and Richard Zhu of team Fluoroacetate earned $50,000 for demonstrating that they could hijack a system by exploiting use-after-free vulnerabilities in Adobe Reader and the Windows kernel.

Obscured by a long list of Microsoft patches and some fuss about a missing SMB fix, the answer is Adobe, which normally times its update cycle to coincide with the OS giant's monthly schedule. It's mostly a practical convenience - admins and end-users get all the important client patches at once, which includes Adobe's ubiquitous Acrobat and Reader software.