Security News

ACROS Security's 0patch service has developed unofficial patches for two actively exploited Windows vulnerabilities for which Microsoft has yet to release fixes. Hackers can exploit the flaws by convincing users to open specially crafted documents or viewing them in the Windows preview pane.

The Remote Code Execution vulnerabilities affect Adobe Type Manager Library, the part of Windows that manages PostScript Type 1 fonts. Importantly the same danger would arise even if users viewed that document using the Windows File Explorer file manager preview features.

Apple has emitted a bundle of security fixes ranging across its product lines. For the flagship iOS, the 13.4 update includes fixes for 30 security holes.

Adobe has issued a patch for a critical flaw that can be exploited to delete files from Windows computers running the Creative Cloud client. "Successful exploitation could lead to arbitrary File Deletion in the context of the current user," Adobe said in its bulletin today.

Hackers are commandeering victims' Windows PCs by exploiting at least one remote-code-execution flaw in the Adobe Type Manager Library included with the Microsoft operating system. Redmond today warned of two flaws, not yet assigned CVE numbers, present in the font parser - and at least one has been exploited in a "Limited number of attacks" to hijack vulnerable computers.

Microsoft informed customers on Monday that it's working on patches for two Windows zero-day vulnerabilities that can be exploited for remote code execution. According to Microsoft, the vulnerabilities exist due to the way the Windows Adobe Type Manager library handles a "Specially-crafted multi-master font - Adobe Type 1 PostScript format."

Attackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems, Microsoft warns. "There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane," the company shared, and said that the Outlook Preview Pane is not an attack vector for this vulnerability.

Microsoft is warning of critical zero-day flaws in its Windows operating system that could enable remote code execution. "Microsoft is aware of limited targeted attacks that could leverage unpatched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released," according to a Monday Microsoft security advisory.

Microsoft is warning of critical zero-day flaws in its Windows operating system that could enable remote code execution. "Microsoft is aware of limited targeted attacks that could leverage unpatched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released," according to a Monday Microsoft security advisory.

Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers. According to Microsoft, both unpatched flaws are being used in limited, targeted attacks and impact all supported versions of the Windows operating system-including Windows 10, 8.1 and Server 2008, 2012, 2016, and 2019 editions, as well as Windows 7 for which Microsoft ended its support on January 14, 2020.