Adobe patches Acrobat bug, neglects to mention whole zero-day, exploit thing

September 12, 2024 at 02:38PM Adobe’s patch for a remote code execution bug in Acrobat downplays the severity of a vulnerability, failing to mention it is considered a zero-day with a proof-of-concept exploit. Despite a CVSS base score of 7.8, a warning highlights its critical nature. Adobe has confirmed the need for a secondary fix. …

Adobe Calls Attention to Massive Batch of Code Execution Flaws

August 13, 2024 at 01:45PM Adobe released 72 security vulnerability fixes for various products, warning Windows and macOS users of code execution and denial-of-service risks. Critical flaws were addressed in Adobe Acrobat, Reader, Illustrator, Photoshop, InDesign, Commerce, Bridge, Substance 3D Stager, Substance 3D Sampler, Substance 3D Designer, and InCopy, urging users to update to the …

Patch Tuesday: Adobe Warns of Critical Flaws in Widely Deployed Software

February 13, 2024 at 01:03PM Adobe released patches for 30 security vulnerabilities in various products, including Adobe Acrobat, Reader, and Magento Open Source, among others. Users are at risk of code execution, security feature bypass, and denial-of-service attacks. The urgent patches address critical flaws and code execution bugs, with Adobe’s assurance of no known exploits …

Adobe Patches Code Execution Flaws in Substance 3D Stager

January 9, 2024 at 12:54PM Adobe released patches for six security vulnerabilities in Substance 3D Stager, warning of potential code execution attacks. The ‘important-severity’ issues affect macOS and Windows users and could lead to memory leaks and arbitrary code execution. Adobe recommends immediate updates to version 2.1.4 to mitigate these risks, with no known in-the-wild …

CISA: Threat Actor Breached Federal Systems via Adobe ColdFusion Flaw

December 6, 2023 at 05:32PM An unidentified actor exploited a patched Adobe ColdFusion vulnerability, CVE-2023-26360, on two US government agency servers, targeting legacy versions for reconnaissance without data theft or lateral movement. Adobe and CISA had previously ranked the flaw critical. Security tools detected the incidents, highlighting risks inherent in legacy systems.