The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Adobe

Adobe Issues July 2020 Critical Security Patches for Multiple Software

Adobe Issues July 2020 Critical Security Patches for Multiple Software

July 14, 2020Wang Wei
Adobe today released software updates to patch a total of 13 new security vulnerabilities affecting 5 of its widely used applications. Out of these 13 vulnerabilities, four have been rated critical, and nine are important in severity. The affected products that received security patches today include: Adobe Creative Cloud Desktop Application Adobe Media Encoder Adobe Genuine Service Adobe ColdFusion Adobe Download Manager Adobe Creative Cloud Desktop Application versions 5.1 and earlier for Windows operating systems contain four vulnerabilities, one of which is a critical symlink issue (CVE-2020-9682) leading to arbitrary file system write attacks. According to the advisory , the other three important flaws in this Adobe software are privilege escalation issues. Adobe Media Encoder contains two critical arbitrary code execution (CVE-2020-9650 and CVE-2020-9646) and one important information disclosure issues, affecting both Windows and macOS users running Media En
Critical Security Patches Released for Magento, Adobe Illustrator and Bridge

Critical Security Patches Released for Magento, Adobe Illustrator and Bridge

April 28, 2020Mohit Kumar
It's not 'Patch Tuesday,' but software giant Adobe today released emergency updates for three of its widely used products that patch dozens of newly discovered critical vulnerabilities. The list of affected software includes Adobe Illustrator, Adobe Bridge, and Magento e-commerce platform, containing a total of 35 vulnerabilities where each one of them is affected with multiple critical arbitrary code execution flaws. According to security advisory Adobe released, Illustrator 2020—one of the most popular designing software with millions of users around the globe—contains 5 critical code execution flaw, all existed due to memory corruption bugs in the Windows version of the software. Digital asset management app Adobe Bridge  version 10.0.1 and earlier for Windows operating systems have been found vulnerable to a total of 17 new flaws, 14 of which could lead to code execution attacks and are critical in severity—all discovered by security researcher Mat Powell. Th
Adobe Releases Critical Patches for Acrobat Reader, Photoshop, Bridge, ColdFusion

Adobe Releases Critical Patches for Acrobat Reader, Photoshop, Bridge, ColdFusion

March 18, 2020Mohit Kumar
Though it's not Patch Tuesday, Adobe today released a massive batch of out-of-band software updates for six of its products to patch a total of 41 new security vulnerabilities. Adobe last week made a pre-announcement to inform its users of an upcoming security update for Acrobat and Reader, but the company today unveiled bugs in a total of 6 widely-used software, including: Adobe Genuine Integrity Service Adobe Acrobat and Reader Adobe Photoshop Adobe Experience Manager Adobe ColdFusion Adobe Bridge According to the security advisories, 29 of the 41 vulnerabilities are critical in severity, and the other 11 have been rated important. Adobe Acrobat and Reader software for Windows and macOS systems contain 13 flaws, out of which 9 are critical. Adobe Genuine Integrity Service , a utility in Adobe suite that prevents users from running non-genuine or cracked pirated software, is affected with just one important severity privilege escalation flaw. Adobe Photoshop
Adobe Patches Critical Bugs Affecting Media Encoder and After Effects

Adobe Patches Critical Bugs Affecting Media Encoder and After Effects

February 20, 2020Wang Wei
Adobe today released out-of-band software updates for After Effects and Media Encoder applications that patch a total of two new critical vulnerabilities. Both critical vulnerabilities exist due to out-of-bounds write memory corruption issues and can be exploited to execute arbitrary code on targeted systems by tricking victims into opening a specially crafted file using the affected software. The bug ( CVE-2020-3765 ) in Adobe After Effects, an application for creating motion graphics and special effects used in the video, was discovered by security researcher Matt Powell and reported to Adobe via Trend Micro Zero Day Initiative project. Whereas, the second issue ( CVE-2020-3764 ) affecting Adobe Media Encoder, software for encoding and compressing audio or video files, was discovered by Canadian security researcher Francis Provencher. None of the security vulnerabilities fixed in this batch of Adobe updates were publicly disclosed or found being exploited in the wild, as th
Adobe Releases Patches for Dozens of Critical Flaws in 5 Software

Adobe Releases Patches for Dozens of Critical Flaws in 5 Software

February 11, 2020Swati Khandelwal
Here comes the second 'Patch Tuesday' of this year. Adobe today released the latest security updates for five of its widely used software that patch a total of 42 newly discovered vulnerabilities, 35 of which are critical in severity. The first four of the total five affected software, all listed below, are vulnerable to at least one critical arbitrary code execution vulnerability that could allow attackers to take full control of vulnerable systems. Adobe Framemaker Adobe Acrobat and Reader Adobe Flash Player Adobe Digital Edition Adobe Experience Manager In brief, Adobe Framemaker for Windows, an advanced document processing software, contains 21 flaws, and all of them are critical buffer error, heap overflow, memory corruption, and out-of-bounds write issues, leading to code execution attacks. Adobe Acrobat and Reader for Windows and macOS also contain 12 similar critical code execution vulnerabilities, along with 3 other important information disclosure
Adobe Releases First 2020 Patch Tuesday Software Updates

Adobe Releases First 2020 Patch Tuesday Software Updates

January 14, 2020Mohit Kumar
Adobe today released software updates to patch a total of 9 new security vulnerabilities in two of its widely used applications, Adobe Experience Manager and Adobe Illustrator. It's the first Patch Tuesday for the year 2020 and one of the lightest patch releases in a long time for Adobe users. Moreover, none of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild. 5 of the 9 security vulnerabilities are 'critical' in severity, and all of them affect Adobe Illustrator CC versions 24.0 and earlier, which were reported to the company by Fortinet's FortiGuard Labs researcher Honggang Ren. According to an advisory published by Adobe, all five critical issues in Adobe Illustrator software are memory corruption bugs that could allow an attacker to execute arbitrary code on targeted systems in the context of the current user. The rest 4 security vulnerabilities affect Adobe Experience Manager —
Adobe Releases Patches for 'Likely Exploitable' Critical Vulnerabilities

Adobe Releases Patches for 'Likely Exploitable' Critical Vulnerabilities

December 10, 2019Mohit Kumar
The last Patch Tuesday of 2019 is finally here. Adobe today released updates for four of its widely used software—including Adobe Acrobat and Reader, Photoshop CC, ColdFusion, and Brackets—to patch a total of 25 new security vulnerabilities. Seventeen of these flaws have been rated as critical in severity, with most of them carrying high priority patches, indicating that the vulnerabilities are more likely to be used in real-world attacks, but there are currently no known exploits in the wild. The software update for Adobe Acrobat and Reader for Windows and macOS operating systems addresses a total of 21 security vulnerabilities, 14 of which are critical, and rest are important in severity. Upon successful exploitation, all critical vulnerabilities in Adobe Acrobat and Reader software lead to arbitrary code execution attacks, allowing attackers to take complete control of targeted systems. Adobe Photoshop CC for Windows and macOS contains patches for two critical arbitrary
Magento Marketplace Suffers Data Breach Exposing Users' Account Info

Magento Marketplace Suffers Data Breach Exposing Users' Account Info

November 27, 2019Mohit Kumar
If you have ever registered an account with the official Magento marketplace to bought or sold any extension, plugin, or e-commerce website theme, you must change your password immediately. Adobe—the company owning Magento e-commerce platform—today disclosed a new data breach incident that exposed account information of Magento marketplace users to an unknown group of hackers or individuals. According to the company, the hacker exploited an undisclosed vulnerability in its marketplace website that allowed him to gain unauthorized third-party access to the database of registered users — both customers (buyers) as well as the developers (sellers). The leaked database includes affected users' names, email addresses, MageID, billing and shipping address information, and some limited commercial information. While Adobe didn't reveal or might don't know when the Magento marketplace was compromised, the company did confirm that its security team discovered the breach la
Unsecured Adobe Server Exposes Data for 7.5 Million Creative Cloud Users

Unsecured Adobe Server Exposes Data for 7.5 Million Creative Cloud Users

October 26, 2019Swati Khandelwal
The U.S. multinational computer software company Adobe has suffered a serious security breach earlier this month that exposed user records' database belonging to the company's popular Creative Cloud service. With an estimated 15 million subscribers, Adobe Creative Cloud or Adobe CC is a subscription service that gives users access to the company's full suite of popular creative software for desktop and mobile, including Photoshop, Illustrator, Premiere Pro, InDesign, Lightroom, and many more. What happened? — Earlier this month, security researcher Bob Diachenko collaborated with the cybersecurity firm Comparitech to uncover an unsecured Elasticsearch database belonging to Adobe Creative Cloud subscription service that was accessible to anyone without any password or authentication. How many victims? — The inadvertently exposed database, which has now been secured, contained personal information of nearly 7.5 million Adobe Creative Cloud user accounts. What type
Adobe Releases Out-of-Band Security Patches for 82 Flaws in Various Products

Adobe Releases Out-of-Band Security Patches for 82 Flaws in Various Products

October 15, 2019Swati Khandelwal
No, it's not a patch Tuesday. It's the third Tuesday of the month, and as The Hacker News shared an early heads-up late last week on Twitter, Adobe today finally released pre-announced out-of-band security updates to patch a total of 82 security vulnerabilities across its various products. The affected products that received security patches today include: Adobe Acrobat and Reader Adobe Experience Manager Adobe Experience Manager Forms Adobe Download Manager Out of 82 security vulnerabilities, 45 are rated critical, and all of them affect Adobe Acrobat and Reader and which, if exploited successfully, could lead to arbitrary code execution in the context of the current user. A majority of critical-rated vulnerabilities (i.e., 26) in Adobe Acrobat and Reader reside due to use-after-free, 6 due to out-of-bounds write, 4 are type confusion bugs, 4 due to untrusted pointer dereference, 3 are heap overflow bugs, one buffer overrun and one race condition issue. Ad
Adobe Suspends Accounts for All Venezuela Users Citing U.S. Sanctions

Adobe Suspends Accounts for All Venezuela Users Citing U.S. Sanctions

October 08, 2019Swati Khandelwal
I have really bad news for Adobe customers in Venezuela… California-based software company Adobe on Monday announced to soon ban accounts and cancel the subscriptions for all of its customers in Venezuela in order to comply with economic sanctions that the United States imposed on the Latin American country. The Trump administration issued an executive order on 5th August 2019, targeting the President of Venezuela Nicolas Maduro for allegedly usurping the presidency and violating the human rights of the country's citizens. The Presidential Executive Order 13884 has been designed to block American companies and individuals from conducting virtually all trade with Venezuela. As a result, Adobe has now decided to deactivate all accounts in the country, leaving thousands of users and companies without access to the company's graphics and multimedia software, including Photoshop, Illustrator, Acrobat Reader, Adobe After Effects, Lightroom, and Flash Player. "The
Adobe Releases Security Patches For Critical Flash Player Vulnerabilities

Adobe Releases Security Patches For Critical Flash Player Vulnerabilities

September 10, 2019Wang Wei
It's Patch Tuesday again—the day of the month when both Adobe and Microsoft release security patches for vulnerabilities in their software. Adobe has just released its monthly security updates to address a total of 3 security vulnerabilities in only two of its products this time—Adobe Flash Player and Adobe Application Manager (AAM). None of the security vulnerabilities patched this month in Adobe products is being exploited in the wild. The latest update for Adobe Flash Player , the software that will receive security patch updates until the end of 2020, this month addresses two critical vulnerabilities and affects Windows, macOS, Linux, and Chrome OS versions of the software. Both the critical vulnerabilities in Flash Player, listed below, lead to arbitrary code execution in the context of the current user, allowing attackers to take complete control over targeted systems. Same-origin method execution (CVE-2019-8069) Use-after-free (CVE-2019-8070) Both the vuln
Adobe Issues Critical Patches for ColdFusion, Flash Player, Campaign

Adobe Issues Critical Patches for ColdFusion, Flash Player, Campaign

June 11, 2019Swati Khandelwal
It's Patch Tuesday week! Adobe has just released the latest June 2019 software updates to address a total 11 security vulnerabilities in its three widely-used products Adobe ColdFusion, Flash Player, and Adobe Campaign. Out of these, three vulnerabilities affect Adobe ColdFusion, a commercial rapid web application development platform—all critical in severity—that could lead to arbitrary code execution attacks. Here below you can find brief information about all newly patched ColdFusion flaws : CVE-2019-7838 — This vulnerability has been categorized as "File extension blacklist bypass" and can be exploited if the file uploads directory is web accessible. CVE-2019-7839 — There's a command injection vulnerability in ColdFusion 2016 and 2018 editions, but it does not impact ColdFusion version 11. CVE-2019-7840 — This flaw originates from the deserialization of untrusted data and also leads to arbitrary code execution on the system. Besides ColdFusion
Adobe Releases Security Patches for Flash, Acrobat Reader, Other Products

Adobe Releases Security Patches for Flash, Acrobat Reader, Other Products

April 09, 2019Swati Khandelwal
Good morning readers, it's Patch Tuesday again—the day of the month when Adobe and Microsoft release security patches for their software. Adobe just released its monthly security updates to address a total of 40 security vulnerabilities in several of its products, including Flash Player, Adobe Acrobat and Reader, and Shockwave Player. According to an advisory, Adobe Acrobat and Reader applications for Microsoft Windows and Apple macOS operating systems are vulnerable to a total 21 vulnerabilities, 11 of which have been rated as critical in severity. Upon successful exploitation, all critical vulnerabilities in Adobe Acrobat and Reader software lead to arbitrary code execution, allowing attackers to take complete control over targeted systems. Remaining ten vulnerabilities in the most widely used PDF reader are all rated as important and could lead to information disclosure. If your system hasn't yet detected the availability of the new update automatically, you sh
Adobe Issues Emergency Patches for Two Critical Flaws in Acrobat and Reader

Adobe Issues Emergency Patches for Two Critical Flaws in Acrobat and Reader

January 04, 2019Swati Khandelwal
I hope you had biggest, happiest and craziest New Year celebration, but now it's time to come back at work and immediately update your systems to patch new security flaws that could exploit your computer just by opening a PDF file. Adobe has issued an out-of-band security update to patch two critical vulnerabilities in the company's Acrobat and Reader for both the Windows and macOS operating systems. Though the San Jose, California-based software company did not give details about the vulnerabilities, it did classify the security flaws as critical since they allow privilege escalation and arbitrary code execution in the context of the current user. Both the vulnerabilities were reported to Adobe by security researchers--Abdul-Aziz Hariri and Sebastian Apelt—from Trend Micro's Zero Day Initiative (ZDI). Critical Adobe Acrobat and Reader Vulnerabilities The first vulnerability, reported by Apelt and identified as CVE-2018-16011, is a use-after-free bug that can lead
Adobe's Year-End Update Patches 87 Flaws in Acrobat Software

Adobe's Year-End Update Patches 87 Flaws in Acrobat Software

December 12, 2018Swati Khandelwal
Adobe is closing out this year with its December Patch Tuesday update to address a massive number of security vulnerabilities for just its two PDF apps—more than double the number of what Microsoft patched this month for its several products. Adobe today released patches for 87 vulnerabilities affecting its Acrobat and Reader software products for both macOS and Windows operating systems, of which 39 are rated as critical and 48 important in severity. The security update comes less than a week after Adobe released patches for a critical zero-day vulnerability (CVE-2018-15982) in Flash Player that was actively being exploited in a targeted attack targeting a Russian state health care institution. The critical vulnerabilities addressed today in Acrobat and Reader include three heap-overflow bugs, five out-of-bounds write flaws, two untrusted pointer dereference issues, two buffer errors, and 24 use-after-free bugs. Upon successful exploitation, all of the above critical vulner
Adobe Releases Security Patch Updates for 11 Vulnerabilities

Adobe Releases Security Patch Updates for 11 Vulnerabilities

October 09, 2018Mohit Kumar
Adobe has released its monthly security updates to address a total of 11 vulnerabilities in Adobe Digital Editions, Framemaker, and Technical Communications Suite, of which four are rated critical and rest 7 are important in severity. Adobe has also released updated versions for Flash Player , but surprisingly this month the software received no security patch update. Also, none of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild. All four critical vulnerabilities, three classified as a "heap overflow" and one "Use after free," reside in Adobe Digital Editions , an ebook reader software program. Successful exploitation of all the four flaws could allow an attacker to execute arbitrary code on the targeted system in the context of the current user. Besides this, Adobe Digital Editions also received security updates for four important "Out of bounds read" vulnerabilities
Adobe Issues ColdFusion Software Update for 6 Critical Vulnerabilities

Adobe Issues ColdFusion Software Update for 6 Critical Vulnerabilities

September 11, 2018Swati Khandelwal
Adobe has released September 2018 security patch updates for a total of 10 vulnerabilities in Flash Player and ColdFusion, six of which are rated as critical that affected ColdFusion and could allow attackers to remotely execute arbitrary code on a vulnerable server. What's the good news this month for Adobe users? This month Adobe Acrobat and Reader applications did not receive any patch update, while Adobe Flash Player has received an update for just a single privilege escalation vulnerability (CVE-2018-15967) rated as important. Secondly, Adobe said none of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild. Total 9 Security Patches for Adobe ColdFusion Adobe has addressed a total of nine security vulnerabilities in its ColdFusion web application development platform, six of which are critical, two important and one moderate. According to the advisory released by Adobe, ColdFusion contain
Adobe Issues Emergency Patches for Critical Flaws in Photoshop CC

Adobe Issues Emergency Patches for Critical Flaws in Photoshop CC

August 22, 2018Swati Khandelwal
Adobe released an out-of-band security update earlier today to address two critical remote code execution vulnerabilities impacting Adobe Photoshop CC for Microsoft Windows and Apple macOS machines. According to the security advisory published Wednesday by Adobe, its Photoshop CC software is vulnerable to two critical memory corruption vulnerabilities, which could allow a remote attacker to execute arbitrary code in the context of the targeted user. The vulnerabilities, identified as CVE-2018-12810 and CVE-2018-12811, impact Adobe Photoshop CC 2018 version 19.1.5 and earlier 19.x versions, as well as Adobe Photoshop CC 2017 version 18.1.5 and earlier 18.x versions. The critical security flaws were discovered and reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs, and have now been addressed by Adobe with the release of Photoshop CC versions 19.1.6 and 18.1.6. Also Read: Teen Arrested for Hacking into Apple's Network It should be noted that these RCE vu
Microsoft Releases Patches for 60 Flaws—Two Under Active Attack

Microsoft Releases Patches for 60 Flaws—Two Under Active Attack

August 14, 2018Mohit Kumar
Get your update caps on. Just a few minutes ago Microsoft released its latest monthly Patch Tuesday update for August 2018, patching a total of 60 vulnerabilities, of which 19 are rated as critical. The updates patch flaws in Microsoft Windows, Edge Browser, Internet Explorer, Office, ChakraCore, .NET Framework, Exchange Server, Microsoft SQL Server and Visual Studio. Two of these vulnerabilities patched by the tech giant is listed as publicly known and being exploited in the wild at the time of release. According to the advisory released by Microsoft, all 19 critical-rated vulnerabilities lead to remote code execution (RCE), some of which could eventually allow attackers to take control of the affected system if exploited successfully. Besides this, Microsoft has also addressed 39 important flaws, one moderate and one low in severity. Here below we have listed brief details of a few critical and publically exploited important vulnerabilities: Internet Explorer Memory Co
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.