Security News

A critical vulnerability patched on Tuesday by Adobe in its Creative Cloud desktop application can be exploited by hackers to delete arbitrary files. Adobe Creative Cloud is a set of applications and services used for video editing, graphic design, photography and web development.

A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as CVE-2020-7982, the vulnerability resides in the OPKG package manager of OpenWrt that exists in the way it performs integrity checking of downloaded packages using the SHA-256 checksums embedded in the signed repository index.

Microsoft is warning of critical zero-day flaws in its Windows operating system that could enable remote code execution. "Microsoft is aware of limited targeted attacks that could leverage unpatched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released," according to a Monday Microsoft security advisory.

Microsoft is warning of critical zero-day flaws in its Windows operating system that could enable remote code execution. "Microsoft is aware of limited targeted attacks that could leverage unpatched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released," according to a Monday Microsoft security advisory.

Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers. According to Microsoft, both unpatched flaws are being used in limited, targeted attacks and impact all supported versions of the Windows operating system-including Windows 10, 8.1 and Server 2008, 2012, 2016, and 2019 editions, as well as Windows 7 for which Microsoft ended its support on January 14, 2020.

Obscured by a long list of Microsoft patches and some fuss about a missing SMB fix, the answer is Adobe, which normally times its update cycle to coincide with the OS giant's monthly schedule. It's mostly a practical convenience - admins and end-users get all the important client patches at once, which includes Adobe's ubiquitous Acrobat and Reader software.

Two of these vulnerabilities are under active attack. The first of two flaws under attack is a critical vulnerability that exists in the migration tool component of Apex One and OfficeScan.

Security updates released this week by Adobe address numerous critical and important vulnerabilities in Genuine Integrity Service, Acrobat and Reader, Photoshop, Experience Manager, ColdFusion, and Bridge. A total of 13 flaws were patched in Acrobat and Reader for Windows and macOS, nine of which are rated critical severity, leading to arbitrary code execution in the context of the current user.

Adobe has released out-of-band updates addressing critical vulnerabilities in its Photoshop and Acrobat Reader products, which if exploited could allow arbitrary code-execution. In this most recent group, Adobe Photoshop had the most vulnerabilities fixed, with 22 CVEs addressed overall, 16 of which were critical: "Adobe has released updates for Photoshop for Windows and macOS. These updates resolve multiple critical and important vulnerabilities," according to Adobe's advisory.

Though it's not Patch Tuesday, Adobe today released a massive batch of out-of-band software updates for six of its products to patch a total of 41 new security vulnerabilities. Adobe Acrobat and Reader software for Windows and macOS systems contain 13 flaws, out of which 9 are critical.