Security News

Adobe on Tuesday announced the availability of patches for 50 vulnerabilities across six of its products, including a zero-day vulnerability in Reader that has been exploited in the wild. The exploited vulnerability is tracked as CVE-2021-21017 and it was reported to Adobe anonymously.

Adobe has released security updates that address an actively exploited vulnerability in Adobe Reader and other critical bugs in Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver. In total, the company addressed fifty security vulnerabilities affecting seven products, with many of them rated as critical as they allow local arbitrary code execution.

A newly disclosed vulnerability in Adobe ColdFusion could be exploited by unprivileged users for the execution of arbitrary code with SYSTEM privileges. This week, Will Dormann, a security researcher with Carnegie Mellon University's CERT Coordination Center, revealed that the Adobe ColdFusion installer doesn't create a secure access-control list on the default installation directory.

Adobe Flash Player is officially non-functional, and it's time to uninstall the program once and for all. When Adobe released their final version of Flash Player in December, they also announced that recent versions of the software include a kill switch that prevents Flash Player from loading Flash content starting on January 12th, 2021.

In tandem with Tuesday's security update, Adobe starting on Tuesday will also block Flash Player content, weeks after dropping support for Flash. The move means that when users attempt to load a page with Flash Player, the content now will no longer load. "Since Adobe will no longer be supporting Flash Player after December 31, 2020 and Adobe will block Flash content from running in Flash Player beginning January 12, 2021, Adobe strongly recommends all users immediately uninstall Flash Player to help protect their systems," according to Adobe.

Adobe on Tuesday released its first round of security updates for 2021, just as the company starts blocking Flash content. Adobe has patched a total of eight vulnerabilities across seven of its products, including Photoshop, Illustrator, Animate, Campaign Classic, InCopy, Captivate and Bridge.

The image is clickable and leads to Adobe's Flash Player EOL General Information Page where netizens are advised to uninstall Flash and fire it into the heart of the Sun. That page repeats Adobe's assertions that the likes of HTML5, WebGL, and WebAssembly "Have continually matured over the years and serve as viable alternatives for Flash content." Throw in the fact that "Major browser vendors are integrating these open standards into their browsers and deprecating most other plugins," and Adobe is content to let Flash become an ex-plugin.

Flash Player will reach its end of life (EOL) on January 1, 2021, after always being a security risk to those who have used it over the years. [...]

With the Flash Player officially reaching the end of life tomorrow, Adobe has started to display alerts on Windows computers recommending that users uninstall Flash Player. To help secure your system, Adobe will block Flash content from running in Flash Player beginning January 12, 2021.

After 24 years of fun games and abuse by threat actors, Adobe has released their final Flash Player update and thanked everyone for the fantastic content that they have released over the years. In the release notes for the final Flash Player 32 and AIR 32 released this Tuesday, Adobe thanks all the developers and customers for the amazing Flash content they have created over the last two decades.