Security News

Adobe on Tuesday announced that it has patched critical code execution vulnerabilities in its Connect, Creative Cloud, and Framemaker products. In the Creative Cloud desktop application, Adobe fixed three flaws rated critical, including arbitrary file overwrite and OS command injection issues that can lead to code execution, and an improper input validation issue that can be exploited for privilege escalation.

Adobe has released security updates that fix vulnerabilities in Adobe Creative Cloud Desktop, Framemaker, and Connect. In total, the company fixed eight vulnerabilities today, with the majority of them rated as Critical as they allow arbitrary code execution.

Threat actors are using Google Alerts to promote a fake Adobe Flash Player updater that installs other unwanted programs on unsuspecting users' computers. This past week, BleepingComputer has been monitoring fake stories being indexed by Google and pushed out by Google Alerts.

Microsoft has plugged 56 security holes, including one actively exploited privilege escalation flaw. Adobe has released security updates for Acrobat and Reader, Dreamweaver, Photoshop, Illustrator, Animate, and the Magento CMS. Out of all of those, the Acrobat and Reader updates should be tested and deployed as soon as possible, as they fix a bucketload of critical and important issues in widely used solutions, including one bug that is being exploited in "Limited" attacks on Reader for Windows.

Adobe is warning of a critical vulnerability that has been exploited in the wild to target Adobe Reader users on Windows. "Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS," said Adobe on Tuesday.

Adobe on Tuesday announced the availability of patches for 50 vulnerabilities across six of its products, including a zero-day vulnerability in Reader that has been exploited in the wild. The exploited vulnerability is tracked as CVE-2021-21017 and it was reported to Adobe anonymously.

Adobe has released security updates that address an actively exploited vulnerability in Adobe Reader and other critical bugs in Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver. In total, the company addressed fifty security vulnerabilities affecting seven products, with many of them rated as critical as they allow local arbitrary code execution.

A newly disclosed vulnerability in Adobe ColdFusion could be exploited by unprivileged users for the execution of arbitrary code with SYSTEM privileges. This week, Will Dormann, a security researcher with Carnegie Mellon University's CERT Coordination Center, revealed that the Adobe ColdFusion installer doesn't create a secure access-control list on the default installation directory.

Adobe Flash Player is officially non-functional, and it's time to uninstall the program once and for all. When Adobe released their final version of Flash Player in December, they also announced that recent versions of the software include a kill switch that prevents Flash Player from loading Flash content starting on January 12th, 2021.

In tandem with Tuesday's security update, Adobe starting on Tuesday will also block Flash Player content, weeks after dropping support for Flash. The move means that when users attempt to load a page with Flash Player, the content now will no longer load. "Since Adobe will no longer be supporting Flash Player after December 31, 2020 and Adobe will block Flash content from running in Flash Player beginning January 12, 2021, Adobe strongly recommends all users immediately uninstall Flash Player to help protect their systems," according to Adobe.