#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Search results for Adobe | Breaking Cybersecurity News | The Hacker News

Adobe Releases Patches for Dozens of Critical Flaws in 5 Software

Adobe Releases Patches for Dozens of Critical Flaws in 5 Software

Feb 11, 2020
Here comes the second 'Patch Tuesday' of this year. Adobe today released the latest security updates for five of its widely used software that patch a total of 42 newly discovered vulnerabilities, 35 of which are critical in severity. The first four of the total five affected software, all listed below, are vulnerable to at least one critical arbitrary code execution vulnerability that could allow attackers to take full control of vulnerable systems. Adobe Framemaker Adobe Acrobat and Reader Adobe Flash Player Adobe Digital Edition Adobe Experience Manager In brief, Adobe Framemaker for Windows, an advanced document processing software, contains 21 flaws, and all of them are critical buffer error, heap overflow, memory corruption, and out-of-bounds write issues, leading to code execution attacks. Adobe Acrobat and Reader for Windows and macOS also contain 12 similar critical code execution vulnerabilities, along with 3 other important information disclosure
Adobe releases important security patches for its 4 popular software

Adobe releases important security patches for its 4 popular software

Aug 14, 2018
Adobe has released August 2018 security patch updates for a total of 11 vulnerabilities in its products, two of which are rated as critical that affect Adobe Acrobat and Reader software. The vulnerabilities addressed in this month updates affect Adobe Flash Player, Creative Cloud Desktop Application, Adobe Experience Manager, Adobe Acrobat and Reader applications. None of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild. Adobe Acrobat and Reader (Windows and macOS) Security researchers from Trend Micro's Zero Day Initiative and Cybellum Technologies have discovered and reported two critical arbitrary code execution vulnerabilities respectively in Acrobat DC and Acrobat Reader DC for Windows and macOS. According to the Adobe advisory, the flaw (CVE-2018-12808) reported by Cybellum Technologies is an out-of-bounds write flaw, whereas the bug (CVE-2018-12799) reported by Zero Day Initiative is an
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Adobe Releases Patches for Critical Flaws in Photoshop CC and Digital Edition

Adobe Releases Patches for Critical Flaws in Photoshop CC and Digital Edition

Mar 12, 2019
Adobe users would feel lighter this month, as Adobe has released patches for just two security vulnerability in its March Security Update. The company today released its monthly security updates to address two critical arbitrary code execution vulnerabilities—one in Adobe Photoshop CC and another in Adobe Digital Editions. Upon successful exploitation, both critical vulnerabilities could allow an attacker to achieve arbitrary code execution in the context of the current user and take control of an affected system. However, the good news is that the company found no evidence of any exploits in the wild for these security issues, Adobe said. The vulnerability in Adobe Photoshop CC , discovered by Trend Micro Zero Day Initiative and assigned CVE-2019-7094, is a heap corruption issue which affects Photoshop CC 19.1.7 and earlier 19.x versions as well as Photoshop CC 20.0.2 and earlier 20.x versions for Microsoft Windows and Apple macOS operating systems. Users are recommended
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Adobe Gets Hacked; Hackers Steal 2.9 million Adobe Customers accounts

Adobe Gets Hacked; Hackers Steal 2.9 million Adobe Customers accounts

Oct 04, 2013
Hackers broke into Adobe Systems' internal network on Thursday, stealing personal information on 2.9 million customers and the source code for several of Adobe's most popular products. This an absolutely massive blow to Adobe, especially their reputation. Adobe, which makes Photoshop and other programs, revealed that cyber attackers had access user information, including account IDs and encrypted passwords as well as credit and debit card numbers. The company did not specify which users of its various software programs were hit. But Products compromised in this attack include Adobe Acrobat, ColdFusion , and ColdFusion Builder. " We believe these attacks may be related. We are working diligently internally, as well as with external partners and law enforcement, to address the incident. " the company said in a customer security alert . Adobe's Arkin says the company is not aware of zero-day exploits or other specific threats to its customers due to the
Adobe Releases 23 Security Updates for Flash Player

Adobe Releases 23 Security Updates for Flash Player

Sep 23, 2015
Adobe has released an important security bulletin that addresses a total of 23 Critical vulnerabilities in Adobe Flash Player. The security fixes for Windows, Linux and Mac users address "critical [flaws] that could potentially allow [attackers] to take control of the affected system," the company warned in an advisory on Monday. Out of 23 critical flaws, 18 address issues that would have allowed attackers to remotely execute arbitrary code on affected machines and take over control of them. Critical Vulnerabilities These 18 security vulnerabilities, all deemed highly critical, are as follows: Type Confusion Vulnerability (CVE-2015-5573) Use-after-free flaws (CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682) Buffer overflow bugs (CVE-2015-6676 and CVE-2015-6678) Memory corruption vulnerabilities that could lead to Remote Code Execution (CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2
Adobe is Finally Killing FLASH — At the End of 2020!

Adobe is Finally Killing FLASH — At the End of 2020!

Jul 26, 2017
Finally, Adobe is Killing FLASH — the software that helped make the Internet a better place with slick graphics, animation, games and applications and bring online video to the masses, but it has been hated for years by people and developers over its buggy nature . But the end of an era for Adobe Flash is near. Adobe announced Tuesday that the company would stop providing updates and stop distributing Flash Player at the end of 2020. The move has been applauded by many, as Adobe Flash has been infamous for frequent zero-day attacks , which is why it has long been one of the favourite tools for hackers and cyber criminals. It's been two decades since Adobe Flash has ruled the Web Space Animation Arena, which was the de facto standard for playing the online videos, but hackers increasingly found ways to exploit security holes in the technology and hack into user's computers. "We will stop updating and distributing the Flash Player at the end of 2020 and encoura
Critical Zero-day Vulnerability in Adobe Reader

Critical Zero-day Vulnerability in Adobe Reader

Dec 08, 2011
Critical Zero-day Vulnerability in Adobe Reader Researchers at the Lockheed Martin Computer Incident Response Team (CRT) and members of the Defense Security Information Exchange informed Adobe that their products were being exploited by hackers. The exploit affects all versions of Adobe Reader and Adobe Acrobat 9.x and higher, including Adobe Reader X and Adobe Acrobat X (10.1.1) for Windows, Macintosh, and UNIX. " This U3D memory corruption vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system ," wrote Adobe in their incident report, explaining that this essentially a memory-corruption and privilege escalation exploit. " There are reports that the vulnerability is being actively exploited in the wild in limited, targeted attacks against Adobe Reader 9.x on Windows. Adobe Reader X Protected Mode and Acrobat X Protected View mitigations would prevent an exploit of this kind from executing. " According to a blog po
Adobe Releases Security Patch Updates for 11 Vulnerabilities

Adobe Releases Security Patch Updates for 11 Vulnerabilities

Oct 09, 2018
Adobe has released its monthly security updates to address a total of 11 vulnerabilities in Adobe Digital Editions, Framemaker, and Technical Communications Suite, of which four are rated critical and rest 7 are important in severity. Adobe has also released updated versions for Flash Player , but surprisingly this month the software received no security patch update. Also, none of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild. All four critical vulnerabilities, three classified as a "heap overflow" and one "Use after free," reside in Adobe Digital Editions , an ebook reader software program. Successful exploitation of all the four flaws could allow an attacker to execute arbitrary code on the targeted system in the context of the current user. Besides this, Adobe Digital Editions also received security updates for four important "Out of bounds read" vulnerabilities
Security updates for available for Adobe Flash Player and ColdFusion vulnerabilities

Security updates for available for Adobe Flash Player and ColdFusion vulnerabilities

Nov 13, 2013
Adobe released critical security patches for its ColdFusion web application server and  Adobe Flash Player for Mac, Windows and Linux. Adobe AIR and the AIR SDK and Compiler are also being updated. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system, dubbed as CVE-2013-5329, CVE-2013-5330. The following software versions are affected and should be updated as soon as possible: Adobe Flash Player 11.9.900.117 and earlier versions for Mac and Windows Adobe Flash Player 11.2.202.310 and earlier versions for Linux Adobe AIR 3.9.0.1030 and earlier versions for Windows and Macintosh Adobe has also released a security hotfix for ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and Linux, addresses two vulnerabilities: Cross-site scripting (XSS) vulnerability (CVE-2013-5326) Allow unauthorized remote read access (CVE-2013-5328) Both products have been patched mul
Adobe Issues ColdFusion Software Update for 6 Critical Vulnerabilities

Adobe Issues ColdFusion Software Update for 6 Critical Vulnerabilities

Sep 11, 2018
Adobe has released September 2018 security patch updates for a total of 10 vulnerabilities in Flash Player and ColdFusion, six of which are rated as critical that affected ColdFusion and could allow attackers to remotely execute arbitrary code on a vulnerable server. What's the good news this month for Adobe users? This month Adobe Acrobat and Reader applications did not receive any patch update, while Adobe Flash Player has received an update for just a single privilege escalation vulnerability (CVE-2018-15967) rated as important. Secondly, Adobe said none of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild. Total 9 Security Patches for Adobe ColdFusion Adobe has addressed a total of nine security vulnerabilities in its ColdFusion web application development platform, six of which are critical, two important and one moderate. According to the advisory released by Adobe, ColdFusion contain
Adobe to issue Emergency Patch for Critical Flash Player Vulnerability

Adobe to issue Emergency Patch for Critical Flash Player Vulnerability

Apr 06, 2016
Adobe has been one of the favorite picks of the Hackers to mess with any systems devoid of any operating systems, as Flash Player is a front runner in all the browsers. Hackers have already been targeting Flash Player for long by exploiting known vulnerabilities roaming in the wild. Despite Adobe's efforts, Flash is not safe anymore for Internet security, as one more critical vulnerability had been discovered in the Flash Player that could crash the affected system and potentially allow an attacker to take control of the system. Discovered by a French Researcher Kafeine , FireEye's Genwei Jiang , and Google's Clement Lecigne, the flaw affects Adobe Flash Player 21.0.0.197 and its earlier versions for Windows, Macintosh, Linux and Chrome OS. The vulnerability, assigned under CVE-2016-1019, also expands back to Windows 7 and even towards Windows XP. Adobe had also confirmed that the newly discovered vulnerability in its Flash Player is being exploit
Adobe Releases February 2019 Patch Updates For 75 Vulnerabilities

Adobe Releases February 2019 Patch Updates For 75 Vulnerabilities

Feb 12, 2019
Welcome back! Adobe has today released its monthly security updates to address a total of 75 security vulnerabilities across its various products, 71 of which resides in Adobe Acrobat and Reader alone. February 2019 patch Tuesday updates address several critical and important vulnerabilities in Adobe Acrobat Reader DC, Adobe Coldfusion, Creative Cloud Desktop Application, and Adobe Flash Player for Windows, macOS, Linux, and Chrome OS. According to the advisory released today, 43 out of 71 vulnerabilities addressed by Adobe in Acrobat and Reader are rated as critical in severity, most of which could lead to arbitrary code execution in the context of the current user upon successful exploitation. The update also includes a permanent fix for a critical, publicly disclosed zero-day vulnerability (CVE 2019-7089) impacting Adobe Reader that could allow remote attackers to steal targeted Windows NTLM hash passwords just by tricking victims into opening a specially crafted PDF fi
Adobe Releases Security Patches For Critical Flash Player Vulnerabilities

Adobe Releases Security Patches For Critical Flash Player Vulnerabilities

Sep 10, 2019
It's Patch Tuesday again—the day of the month when both Adobe and Microsoft release security patches for vulnerabilities in their software. Adobe has just released its monthly security updates to address a total of 3 security vulnerabilities in only two of its products this time—Adobe Flash Player and Adobe Application Manager (AAM). None of the security vulnerabilities patched this month in Adobe products is being exploited in the wild. The latest update for Adobe Flash Player , the software that will receive security patch updates until the end of 2020, this month addresses two critical vulnerabilities and affects Windows, macOS, Linux, and Chrome OS versions of the software. Both the critical vulnerabilities in Flash Player, listed below, lead to arbitrary code execution in the context of the current user, allowing attackers to take complete control over targeted systems. Same-origin method execution (CVE-2019-8069) Use-after-free (CVE-2019-8070) Both the vuln
Adobe Releases Critical Patches for Flash, Acrobat Reader, and Media Encoder

Adobe Releases Critical Patches for Flash, Acrobat Reader, and Media Encoder

May 14, 2019
Adobe today released its monthly software updates to patch a total of 87 security vulnerabilities in its Adobe Acrobat and Reader, Flash Player and Media Encoder, most of which could lead to arbitrary code execution attacks or worse. None of the flaws patched this month in Adobe products has been found exploited in the wild. Out of 87 total flaws, a whopping number of vulnerabilities (i.e., 84 in total) affect Adobe Acrobat and Reader applications alone, where 42 of them are critical and rest 42 are important in severity. Upon successful exploitation, all critical vulnerabilities in Adobe Acrobat and Reader software lead to arbitrary code execution, allowing attackers to take complete control over targeted systems. Adobe has released updated versions of Acrobat and Reader software for Windows and macOS operating systems to address these security vulnerabilities. The update for Adobe Flash Player , which will receive security patch updates until the end of 2020, comes this
Yahoo data leak by Virus_Hima, Why do we need a proactive security?

Yahoo data leak by Virus_Hima, Why do we need a proactive security?

Dec 17, 2012
In November I was contacted for first time by the Egyptian Hacker named ViruS_HimA who announced me to have hacked into Adobe servers and leaked private data. The hacker violated Adobe servers gaining full access and dumping the entire database with more of 150,000 emails and hashed passwords of Adobe employees and customers/partner of the firm such as US Military, USAF, Google, Nasa DHL and many other companies. ViruS_HimA specifically addressed the inefficient and slow patch management process that leaves exposed for long period "big companies".  " When someone report vulnerability to them, It take 5-7 days for the notification that they've received your report!! It even takes 3-4 months to patch the vulnerabilities! Such big companies should really respond very fast and fix the security issues as fast as they can ." Like , we reported two days before that one month old reported critical vulnerability of account hijacking in Outlook and Hotmail  is still wo
Adobe Issues Critical Patches for ColdFusion, Flash Player, Campaign

Adobe Issues Critical Patches for ColdFusion, Flash Player, Campaign

Jun 11, 2019
It's Patch Tuesday week! Adobe has just released the latest June 2019 software updates to address a total 11 security vulnerabilities in its three widely-used products Adobe ColdFusion, Flash Player, and Adobe Campaign. Out of these, three vulnerabilities affect Adobe ColdFusion, a commercial rapid web application development platform—all critical in severity—that could lead to arbitrary code execution attacks. Here below you can find brief information about all newly patched ColdFusion flaws : CVE-2019-7838 — This vulnerability has been categorized as "File extension blacklist bypass" and can be exploited if the file uploads directory is web accessible. CVE-2019-7839 — There's a command injection vulnerability in ColdFusion 2016 and 2018 editions, but it does not impact ColdFusion version 11. CVE-2019-7840 — This flaw originates from the deserialization of untrusted data and also leads to arbitrary code execution on the system. Besides ColdFusion
Adobe Releases Critical Security Updates for Acrobat, Reader and Photoshop CC

Adobe Releases Critical Security Updates for Acrobat, Reader and Photoshop CC

May 14, 2018
Adobe has just released new versions of its Acrobat DC, Reader and Photoshop CC for Windows and macOS users that patch 48 vulnerabilities in its software. A total of 47 vulnerabilities affect Adobe Acrobat and Reader applications, and one critical remote code execution flaw has been patched in Adobe Photoshop CC. Out of 47, Adobe Acrobat and Reader affect with 24 critical vulnerabilities —categorized as Double Free, Heap Overflow, Use-after-free, Out-of-bounds write, Type Confusion, and Untrusted pointer dereference—which if exploited, could allow arbitrary code execution in the context of the targeted user. Rest of the 23 flaws, including Security Bypass, Out-of-bounds read, Memory Corruption, NTLM SSO hash theft, and HTTP POST newline injection via XFA submission, are marked as important and can lead to information disclosure or security bypass. The above-listed vulnerabilities impact the Windows and macOS versions of Acrobat DC (Consumer and Classic 2015), Acrobat Rea
Recently Patched Adobe Flash Versions Hit by Another Zero-day Exploit

Recently Patched Adobe Flash Versions Hit by Another Zero-day Exploit

Oct 14, 2015
Does Adobe Flash , the standard that animated the early Web, needs to Die? Unfortunately, Yes. Despite Adobe's best efforts, Flash is not safe anymore for Internet security, as a recent zero-day Flash exploit has been identified. Just Yesterday Adobe released its monthly patch update that addressed a total of 69 critical vulnerabilities in Reader, Acrobat, including 13 critical patches for Flash Player. Now today, Security researchers have disclosed a new zero-day vulnerability in fully patched versions of Adobe Flash, which is currently being exploited in the wild by a Russian state-sponsored hacking groups, named " Pawn Storm ". NO Patch For Latest Flash Exploit That means, even users with an entirely up-to-date installation ( versions 19.0.0.185 and 19.0.0.207 ) of the Flash software are also vulnerable to the latest zero-day exploit. Luckily, for the time being, this exploit is only being used against Government agencies and several foreign affairs
Update Adobe Reader app for Android to Patch Remote Code Execution Vulnerability

Update Adobe Reader app for Android to Patch Remote Code Execution Vulnerability

Apr 15, 2014
If you're one of the 400 million Android users out there who have installed Adobe Reader app that helps you to view PDF documents on mobile devices, then you should immediately update your app from Google Play Store. Adobe has released an updated Adobe Reader 11.2.0 version to addresses an important vulnerability that could be exploited to gain 'remote code execution' ability on the affected system. According to the Adobe  advisory , vulnerability ( CVE-2014-0514 ) resides in the implementation of JavaScript APIs on Adobe Reader 11.2 that could be exploited to execute arbitrary code within Adobe Reader. Adobe vulnerability discovered by security researcher  Yorick Koster of Securify BV , claimed that an attacker can create a specially crafted PDF file containing malicious JavaScript code that triggers when the victim will try to open it using affected Adobe Reader for Android Operating System. Multiple attack vectors are available to deploy a malicio
Emergency Adobe Flash Player patch coming today !

Emergency Adobe Flash Player patch coming today !

Apr 16, 2011
Emergency Adobe Flash Player patch coming today ! Less than a week after warning that hackers were embedding malicious Flash Player files (.swf) into Microsoft Word documents to launch targeted malware attacks, Adobe plans to release an emergency Flash Player patch today to fix the underlying problem. The patch will fix a "critical" vulnerability in Flash Player 10.2.153.1 and earlier versions for Windows, Mac OS X Linux and Solaris. According to this Secunia advisory, the flaw allows a hacker to completely hijack a vulnerable Windows computer: A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when parsing ActionScript that adds a custom function to the prototype of a predefined class. This results in incorrect interpretation of an object (i.e. object type confusion) when calling the custom function, which causes an invalid pointer to be dereferenced.
Cybersecurity Resources