Security News

Adobe has released security updates that address security vulnerabilities in Adobe Photoshop, Adobe Digital Editions, Adobe Bridge, and RoboHelp. In total, the company addressed ten security vulnerabilities affecting four products, with seven of them rated as critical as they allow arbitrary code execution or arbitrary file writes.

Adobe has released out-of-band security updates to address a critical vulnerability impacting ColdFusion versions 2021, 2016, and 2018. Today's emergency updates patch an arbitrary code execution security flaw caused by an Improper Input Validation software vulnerability.

In an unscheduled security update, Adobe is warning of a critical security flaw in its ColdFusion platform, used for building web applications. Further information on the flaw - including where in ColdFusion it exists, and how difficult it is to exploit, were not addressed; Threatpost has reached out to Adobe for further comment.

Adobe has released an urgent patch for a potentially dangerous security vulnerability in Adobe ColdFusion, the platform used for building and deploying mobile and web apps. "These updates resolve a critical vulnerability that could lead to arbitrary code execution," Adobe said in an advisory.

Adobe has issued patches for a slew of critical security vulnerabilities, which, if exploited, could allow for arbitrary code execution on vulnerable Windows systems. Affected products include Adobe's Framemaker document processor, designed for writing and editing large or complex documents; Adobe's Connect software used for remote web conferencing; and the Adobe Creative Cloud software suite for video editing.

Adobe on Tuesday announced that it has patched critical code execution vulnerabilities in its Connect, Creative Cloud, and Framemaker products. In the Creative Cloud desktop application, Adobe fixed three flaws rated critical, including arbitrary file overwrite and OS command injection issues that can lead to code execution, and an improper input validation issue that can be exploited for privilege escalation.

Adobe has released security updates that fix vulnerabilities in Adobe Creative Cloud Desktop, Framemaker, and Connect. In total, the company fixed eight vulnerabilities today, with the majority of them rated as Critical as they allow arbitrary code execution.

Threat actors are using Google Alerts to promote a fake Adobe Flash Player updater that installs other unwanted programs on unsuspecting users' computers. This past week, BleepingComputer has been monitoring fake stories being indexed by Google and pushed out by Google Alerts.

Microsoft has plugged 56 security holes, including one actively exploited privilege escalation flaw. Adobe has released security updates for Acrobat and Reader, Dreamweaver, Photoshop, Illustrator, Animate, and the Magento CMS. Out of all of those, the Acrobat and Reader updates should be tested and deployed as soon as possible, as they fix a bucketload of critical and important issues in widely used solutions, including one bug that is being exploited in "Limited" attacks on Reader for Windows.

Adobe is warning of a critical vulnerability that has been exploited in the wild to target Adobe Reader users on Windows. "Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS," said Adobe on Tuesday.