The Hacker News - Cybersecurity News and Analysis: Search results for Adobe

Another Unpatched Adobe Flash Zero-Day vulnerability Exploited in the Wild

February 02, 2015 | Swati Khandelwal
Warning for Adobe users! Another zero-day vulnerability has been discovered in Adobe Flash Player that is actively being exploited by cyber crooks in drive-by download attacks, security researchers warned today. This is the third time in the last few weeks that Adobe has had to deal with a zero-day vulnerability in Flash Player. The Adobe Flash Player vulnerability, identified as CVE-2015-0313, exists in the latest version of Flash Player, i.e. version 16.0.0.296 and earlier. In late January, Adobe released an updated version of its Flash Player software that patches a zero-day vulnerability, tracked as CVE-2015-0311, spotted by French security researcher Kafeine. This Adobe Flash Player vulnerability was also being actively exploited via malvertisement and drive-by-download attacks. In a "drive-by-download" attack, an attacker downloads malicious software to a victim's computer without their knowledge or explicit consent. As a result, the flaw cou
Adobe Releases Security Patch Updates For 112 Vulnerabilities

July 10, 2018 | Swati Khandelwal
Adobe has released security patches for a total of 112 vulnerabilities in its products, most of which have a higher risk of being exploited. The vulnerabilities addressed in this month's Patch Tuesday affect Adobe Flash Player, Adobe Experience Manager, Adobe Connect, Adobe Acrobat, and Reader. None of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild. Adobe Flash Player (For Desktops and Browsers): Security updates include patches for two vulnerabilities in Adobe Flash Player for various platforms and applications, as listed below. One of them has been rated critical (CVE-2018-5007), and successful exploitation of this "type confusion" flaw could allow an attacker to execute arbitrary code on the targeted system in the context of the current user. This flaw was discovered and reported to Adobe by willJ of Tencent PC Manager working with Trend Micro's Zero Day Initiative. Withou
Unsecured Adobe Server Exposes Data for 7.5 Million Creative Cloud Users

October 26, 2019 | Swati Khandelwal
The U.S. multinational computer software company Adobe suffered a serious security breach earlier this month that exposed a user records database belonging to the company's popular Creative Cloud service. With an estimated 15 million subscribers, Adobe Creative Cloud or Adobe CC is a subscription service that gives users access to the company's full suite of popular creative software for desktop and mobile, including Photoshop, Illustrator, Premiere Pro, InDesign, Lightroom, and many more. What happened? — Earlier this month, security researcher Bob Diachenko collaborated with the cybersecurity firm Comparitech to uncover an unsecured Elasticsearch database belonging to the Adobe Creative Cloud subscription service that was accessible to anyone without any password or authentication. How many victims? — The inadvertently exposed database, which has now been secured, contained personal information of nearly 7.5 million Adobe Creative Cloud user accounts. What type
Adobe Releases Security Patches for Flash, Acrobat Reader, Other Products

April 09, 2019 | Swati Khandelwal
Good morning readers, it's Patch Tuesday again—the day of the month when Adobe and Microsoft release security patches for their software. Adobe just released its monthly security updates to address a total of 40 security vulnerabilities in several of its products, including Flash Player, Adobe Acrobat and Reader, and Shockwave Player. According to an advisory, Adobe Acrobat and Reader applications for Microsoft Windows and Apple macOS operating systems are vulnerable to a total of 21 vulnerabilities, 11 of which have been rated as critical in severity. Upon successful exploitation, all critical vulnerabilities in Adobe Acrobat and Reader software lead to arbitrary code execution, allowing attackers to take complete control over targeted systems. The remaining ten vulnerabilities in the most widely used PDF reader are all rated as important and could lead to information disclosure. If your system hasn't yet detected the availability of the new update automatically, you sh
Emergency Patch released for Latest Flash Zero-Day Vulnerability

October 17, 2015 | Khyati Jain
Two days ago, The Hacker News (THN) reported on the zero-day vulnerability in the freshly patched Adobe Flash Player. The vulnerability was exploited in the wild by a well-known group of Russian hackers, named "Pawn Storm," to target several foreign affairs ministries worldwide. The zero-day flaw allowed hackers to take complete control of users' machines, putting all Flash Player users at potentially high risk. Since then, there was no patch available to make the flawed utility safe. However, Adobe has now patched the zero-day vulnerability, along with some critical vulnerabilities whose details are yet to be disclosed. Yesterday, the company published a post on their official security bulletin (APSB15-27) detailing the risks associated with the zero-day and how a user can get rid of them. The critical vulnerabilities are assigned the following CVE numbers: CVE-2015-7645, CVE-2015-7647, CVE-2015-7648. Also, Adobe is kn
Adobe Releases Out-of-Band Security Patches for 82 Flaws in Various Products

October 15, 2019 | Swati Khandelwal
No, it's not a Patch Tuesday. It's the third Tuesday of the month, and as The Hacker News shared an early heads-up late last week on Twitter, Adobe today finally released pre-announced out-of-band security updates to patch a total of 82 security vulnerabilities across its various products. The affected products that received security patches today include: Adobe Acrobat and Reader, Adobe Experience Manager, Adobe Experience Manager Forms, Adobe Download Manager. Out of 82 security vulnerabilities, 45 are rated critical, and all of them affect Adobe Acrobat and Reader and, if exploited successfully, could lead to arbitrary code execution in the context of the current user. A majority of critical-rated vulnerabilities (i.e., 26) in Adobe Acrobat and Reader are due to use-after-free, 6 due to out-of-bounds write, 4 are type confusion bugs, 4 due to untrusted pointer dereference, 3 are heap overflow bugs, one buffer overrun and one race condition issue. Ad
Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild

May 11, 2021 | Ravie Lakshmanan
Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild. The list of updated applications includes Adobe Experience Manager, Adobe InDesign, Adobe Illustrator, Adobe InCopy, Adobe Genuine Service, Adobe Acrobat and Reader, Magento, Adobe Creative Cloud Desktop Application, Adobe Media Encoder, Adobe After Effects, Adobe Medium, and Adobe Animate. In a security bulletin, the company acknowledged it received reports that the flaw "has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows." Tracked as CVE-2021-28550, the zero-day concerns an arbitrary code execution flaw that could allow adversaries to execute virtually any command on target systems. While the targeted attacks took aim at Windows users of Adobe Reader, the issue affects both Windows and macOS ver
Adobe Issues July 2020 Critical Security Patches for Multiple Software

July 14, 2020 | Wang Wei
Adobe today released software updates to patch a total of 13 new security vulnerabilities affecting 5 of its widely used applications. Out of these 13 vulnerabilities, four have been rated critical, and nine are important in severity. The affected products that received security patches today include: Adobe Creative Cloud Desktop Application, Adobe Media Encoder, Adobe Genuine Service, Adobe ColdFusion, Adobe Download Manager. Adobe Creative Cloud Desktop Application versions 5.1 and earlier for Windows operating systems contain four vulnerabilities, one of which is a critical symlink issue (CVE-2020-9682) leading to arbitrary file system write attacks. According to the advisory, the other three important flaws in this Adobe software are privilege escalation issues. Adobe Media Encoder contains two critical arbitrary code execution issues (CVE-2020-9650 and CVE-2020-9646) and one important information disclosure issue, affecting both Windows and macOS users running Media En
Adobe Releases Critical Patches for Acrobat Reader, Photoshop, Bridge, ColdFusion

March 18, 2020 | Mohit Kumar
Though it's not Patch Tuesday, Adobe today released a massive batch of out-of-band software updates for six of its products to patch a total of 41 new security vulnerabilities. Adobe last week made a pre-announcement to inform its users of an upcoming security update for Acrobat and Reader, but the company today unveiled bugs in a total of 6 widely used software products, including: Adobe Genuine Integrity Service, Adobe Acrobat and Reader, Adobe Photoshop, Adobe Experience Manager, Adobe ColdFusion, Adobe Bridge. According to the security advisories, 29 of the 41 vulnerabilities are critical in severity, and the other 11 have been rated important. Adobe Acrobat and Reader software for Windows and macOS systems contain 13 flaws, out of which 9 are critical. Adobe Genuine Integrity Service, a utility in the Adobe suite that prevents users from running non-genuine or cracked pirated software, is affected by just one important-severity privilege escalation flaw. Adobe Photoshop
Adobe to Kill 'FLASH', but by Just Renaming it as 'Adobe Animate CC'

December 01, 2015 | Swati Khandelwal
Adobe is finally killing Flash, but not actually. Adobe Flash made the Internet a better place with slick graphics, animation, games and applications, but it never stood a chance of surviving in the same world as HTML5. Of course, Flash has been plagued by various stability and security issues, which is why developers have hated the technology for years. So, now it's time to say goodbye to Adobe Flash Professional CC, and welcome Adobe Animate CC. Meet the new Flash, Adobe Animate CC, same as the old Flash, and still an insecure mess. Adobe Animate CC Embraces HTML5: Adobe has officially announced that "over a third of all content created in Flash Professional today uses HTML5," so the company is acknowledging the shift with the new name. Adobe Animate CC — Adobe's premier Web animation tool for developing HTML5 content. Yes, that's what the company is focusing on. The application – mostly looks like an update to the Fla
Adobe Releases Critical Security Updates for Flash Player, Acrobat and Adobe Reader

August 13, 2014 | Mohit Kumar
Adobe has released security updates to fix seven vulnerabilities in its Flash and Air platforms and one in its Reader and Acrobat which, according to the company, is being exploited by attackers in the wild "...in limited, isolated attacks targeting Adobe Reader users on Windows." The vulnerabilities, marked critical by the company, could allow an attacker to "take control of affected systems". A new, out-of-band patch addresses a zero-day vulnerability (CVE-2014-0546) in Adobe Reader and Acrobat that offers an attacker the possibility to bypass sandbox protection and has been leveraged in "limited, isolated attacks" against Windows users. "These updates resolve a sandbox bypass vulnerability that could be exploited to run native code with escalated privileges on Windows," Adobe warned. The lone vulnerability in Adobe Acrobat and Reader was reported by Kaspersky Lab Global Research and Analysis Team director Costin Raiu and V
Hacker hacked into Adobe servers and dump data of 150000 users

November 14, 2012 | Anonymous
This morning I received the news of new attacks against Adobe: an Egyptian hacker named ViruS_HimA hacked into Adobe servers and leaked private data. The hacker claims to have violated Adobe servers, gaining full access and dumping the entire database with more than 150,000 emails and hashed passwords of Adobe employees and customers/partners of the firm such as US Military, USAF, Google, Nasa, DHL and many other companies. The leaked file contains the following information for each account: Firstname, Lastname, Title, Phone, Email, Company, Username, Password hash. The hacker declares that his intent was far from destroying the business of the company, which is why he posted leaked data related only to Adobe and belonging to the domains "*.mil" and ".gov". What is the motivation of the attack? The attack has no political motivation; ViruS_HimA desires to demonstrate that despite Adobe being one of the most important companies in IT l
Microsoft, Adobe and Mozilla issue Critical Security Patch Updates

May 13, 2015 | Mohit Kumar
This week you have quite a long list of updates to follow from Microsoft, Adobe as well as Firefox. Despite announcing plans to kill its monthly patch notification for Windows 10, the tech giant has issued its May 2015 Patch Tuesday, releasing 13 security bulletins that address a total of 48 security vulnerabilities in many of their products. Separately, Adobe has also pushed a massive security update to fix a total of 52 vulnerabilities in its Flash Player, Reader, AIR and Acrobat software. Moreover, Mozilla has fixed 13 security flaws in its latest stable release of the Firefox web browser, Firefox 38, including five critical flaws. First, from Microsoft's side: MICROSOFT PATCH TUESDAY: Three out of 13 security bulletins issued by the company are rated as 'critical', while the rest are 'important' in severity, with none of these vulnerabilities being actively exploited at this time. The affected products include Internet Explorer (IE),
Adobe Suspends Accounts for All Venezuela Users Citing U.S. Sanctions

October 08, 2019 | Swati Khandelwal
I have really bad news for Adobe customers in Venezuela… California-based software company Adobe on Monday announced that it will soon ban accounts and cancel the subscriptions for all of its customers in Venezuela in order to comply with economic sanctions that the United States imposed on the Latin American country. The Trump administration issued an executive order on 5th August 2019, targeting the President of Venezuela Nicolas Maduro for allegedly usurping the presidency and violating the human rights of the country's citizens. The Presidential Executive Order 13884 has been designed to block American companies and individuals from conducting virtually all trade with Venezuela. As a result, Adobe has now decided to deactivate all accounts in the country, leaving thousands of users and companies without access to the company's graphics and multimedia software, including Photoshop, Illustrator, Acrobat Reader, Adobe After Effects, Lightroom, and Flash Player. "The
Adobe Releases Critical Security Updates for Acrobat and Reader

September 18, 2014 | Swati Khandelwal
After a week's delay, Adobe has finally pushed out critical security updates for its frequently attacked Reader and Acrobat PDF software packages to patch serious vulnerabilities that could lead to computers being compromised. The new versions of Adobe Reader and Acrobat released Tuesday for both Windows and Macintosh computers address eight vulnerabilities, five of which could allow for remote code execution. The remaining three vulnerabilities involve a sandbox bypass vulnerability that can be exploited to escalate an attacker's privileges on Windows, a denial-of-service (DoS) vulnerability related to memory corruption, and a cross-site scripting (XSS) flaw that only affects the programs on the Mac platform. According to Adobe's advisory, applying the patches will involve a system restart. The affected versions are: Adobe Reader XI (11.0.08) and earlier 11.x versions for Windows; Adobe Reader XI (11.0.07) and earlier 11.x versions for Macintosh; Adobe Reade
Adobe issues Emergency Flash Player update to patch critical zero-day threat

February 05, 2014 | Anonymous
Adobe is recommending that users update their Flash Players immediately. The company has published an emergency security bulletin today that addresses vulnerabilities in the Flash Player, and released a patch to fix a vulnerability which is currently being exploited in a sophisticated cyber espionage campaign. "Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users apply the updates referenced in the security bulletin." The vulnerability (CVE-2014-0497) allows an attacker to remotely take control of the targeted system hosting Flash. "These updates address a critical vulnerability that could potentially allow an attacker to remotely take control of the affected system," the advisory said. The security hole affects version 12.0.0.43 and earlier for both Windows and Mac OSs and Adobe Flash Player 11.2.202.335 and earlier versions for Linux. The vulnerability was discovered by two researchers
Adobe Releases First 2020 Patch Tuesday Software Updates

January 14, 2020 | Mohit Kumar
Adobe today released software updates to patch a total of 9 new security vulnerabilities in two of its widely used applications, Adobe Experience Manager and Adobe Illustrator. It's the first Patch Tuesday for the year 2020 and one of the lightest patch releases in a long time for Adobe users. Moreover, none of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild. 5 of the 9 security vulnerabilities are 'critical' in severity, and all of them affect Adobe Illustrator CC versions 24.0 and earlier, which were reported to the company by Fortinet's FortiGuard Labs researcher Honggang Ren. According to an advisory published by Adobe, all five critical issues in Adobe Illustrator software are memory corruption bugs that could allow an attacker to execute arbitrary code on targeted systems in the context of the current user. The remaining 4 security vulnerabilities affect Adobe Experience Manager —
Adobe Releases Patches for Dozens of Critical Flaws in 5 Software

February 11, 2020 | Swati Khandelwal
Here comes the second 'Patch Tuesday' of this year. Adobe today released the latest security updates for five of its widely used software products that patch a total of 42 newly discovered vulnerabilities, 35 of which are critical in severity. The first four of the five affected software products, all listed below, are vulnerable to at least one critical arbitrary code execution vulnerability that could allow attackers to take full control of vulnerable systems: Adobe Framemaker, Adobe Acrobat and Reader, Adobe Flash Player, Adobe Digital Edition, Adobe Experience Manager. In brief, Adobe Framemaker for Windows, an advanced document processing software, contains 21 flaws, and all of them are critical buffer error, heap overflow, memory corruption, and out-of-bounds write issues, leading to code execution attacks. Adobe Acrobat and Reader for Windows and macOS also contain 12 similar critical code execution vulnerabilities, along with 3 other important information disclosure