Security News

Threat actors are using Google Alerts to promote a fake Adobe Flash Player updater that installs other unwanted programs on unsuspecting users' computers. This past week, BleepingComputer has been monitoring fake stories being indexed by Google and pushed out by Google Alerts.

Microsoft has plugged 56 security holes, including one actively exploited privilege escalation flaw. Adobe has released security updates for Acrobat and Reader, Dreamweaver, Photoshop, Illustrator, Animate, and the Magento CMS. Out of all of those, the Acrobat and Reader updates should be tested and deployed as soon as possible, as they fix a bucketload of critical and important issues in widely used solutions, including one bug that is being exploited in "Limited" attacks on Reader for Windows.

Adobe is warning of a critical vulnerability that has been exploited in the wild to target Adobe Reader users on Windows. "Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS," said Adobe on Tuesday.

Adobe on Tuesday announced the availability of patches for 50 vulnerabilities across six of its products, including a zero-day vulnerability in Reader that has been exploited in the wild. The exploited vulnerability is tracked as CVE-2021-21017 and it was reported to Adobe anonymously.

Adobe has released security updates that address an actively exploited vulnerability in Adobe Reader and other critical bugs in Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver. In total, the company addressed fifty security vulnerabilities affecting seven products, with many of them rated as critical as they allow local arbitrary code execution.

A newly disclosed vulnerability in Adobe ColdFusion could be exploited by unprivileged users for the execution of arbitrary code with SYSTEM privileges. This week, Will Dormann, a security researcher with Carnegie Mellon University's CERT Coordination Center, revealed that the Adobe ColdFusion installer doesn't create a secure access-control list on the default installation directory.

Adobe Flash Player is officially non-functional, and it's time to uninstall the program once and for all. When Adobe released their final version of Flash Player in December, they also announced that recent versions of the software include a kill switch that prevents Flash Player from loading Flash content starting on January 12th, 2021.

In tandem with Tuesday's security update, Adobe starting on Tuesday will also block Flash Player content, weeks after dropping support for Flash. The move means that when users attempt to load a page with Flash Player, the content now will no longer load. "Since Adobe will no longer be supporting Flash Player after December 31, 2020 and Adobe will block Flash content from running in Flash Player beginning January 12, 2021, Adobe strongly recommends all users immediately uninstall Flash Player to help protect their systems," according to Adobe.

Adobe on Tuesday released its first round of security updates for 2021, just as the company starts blocking Flash content. Adobe has patched a total of eight vulnerabilities across seven of its products, including Photoshop, Illustrator, Animate, Campaign Classic, InCopy, Captivate and Bridge.

The image is clickable and leads to Adobe's Flash Player EOL General Information Page where netizens are advised to uninstall Flash and fire it into the heart of the Sun. That page repeats Adobe's assertions that the likes of HTML5, WebGL, and WebAssembly "Have continually matured over the years and serve as viable alternatives for Flash content." Throw in the fact that "Major browser vendors are integrating these open standards into their browsers and deprecating most other plugins," and Adobe is content to let Flash become an ex-plugin.