Security News

Adobe has released an out-of-band security update for Adobe Commerce and Magento Open Source to address active exploitation of a known vulnerability, and Google has an emergency issue, too. "Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants," the Silicon Valley stalwart said.

Make sure that the site where Magento or Adobe Commerce is actually running has downloaded and applied Adobe's latest patches. Adobe has released security updates for Adobe Commerce and Magento Open Source.

A zero-day remote code-execution bug in the Magento 2 and Adobe Commerce platforms has been actively exploited in the wild, Adobe said - prompting an emergency patch to roll out over the weekend. If you are running Magento 2.3 or 2.4, install the custom patch from Adobe ASAP, ideally within the next few hours;.

Phishers are creating Adobe Creative Cloud accounts and using them to send phishing emails capable of thwarting traditional checks and some advanced threat protection solutions, Avanan security researcher Jeremy Fuchs warns. This new wave of attacks started in December 2021, and they are exploiting the fact that Adobe's apps are designed to foster collaboration by sharing documents.

Attackers are leveraging Adobe Creative Cloud to target Office 365 users with malicious links that appear to be coming legitimately from Cloud users but instead direct victims to a link that steals their credentials, researchers have discovered. Though attackers are primarily targeting Office 365 users - a favorite target among threat actors - researchers have seen them hit Gmail inboxes as well, Jeremy Fuchs, cybersecurity research analyst at Avanan, told Threatpost.

The Emotet malware is now distributed through malicious Windows App Installer packages that pretend to be Adobe PDF software.The threat actors behind Emotet are now infecting systems by installing malicious packages using a built-in feature of Windows 10 and Windows 11 called App Installer.

Out of 92 security vulnerabilities, 66 are rated critical in severity, mostly allowing code execution. Adobe has dropped a mammoth out-of-band security update this week, addressing 92 vulnerabilities across 14 products.

A mere two weeks after its most recent set of security patches, Adobe has issued another 14 security bulletins covering 92 CVE-listed bugs. Adobe's repairs apparently represent planned maintenance rather than an out-of-band release, even though October's Patch Tuesday - the second Tuesday of the month - has come and gone.

Adobe is urging its throngs of Acrobat Reader users to update their software to fix critical vulnerabilities that could allow adversaries to execute arbitrary code on unpatched versions. As for the Adobe Acrobat family of software, 26 bugs were patched, 13 of which were critical and given an Adobe priority rating of "2," meaning that the affected product is at "Elevated risk" of being attacked.

Adobe has released a large Patch Tuesday security update that fixes critical vulnerabilities in Magento and important bugs in Adobe Connect. In total, Adobe fixed 29 vulnerabilities with today's updates.