New Adobe Vulnerabilities Being Exploited in the Wild

Adobe posted a vulnerability report warning that vulnerabilities in Adobe Reader and Acrobat XI (11.0.1) and earlier versions are being exploited in the wild. Adobe is currently investigating this issue. According to the FireEye blog posted earlier today, the malicious file arrives as a PDF file. Upon successful exploitation of the vulnerabilities, two malicious DLL…

Read More

February 14, 2013 | by

Adobe fixes ColdFusion security vulnerability

h-Online: On the same day as Microsoft’s September Patch Tuesday, Adobe released an update for ColdFusion to close a security hole in its rapid web application development software. The hotfix for ColdFusion addresses a vulnerability (CVE-2012-2048), which the company rates as important, that could be exploited by a remote attacker to cause a denial-of-service (DoS)…

Read More

September 12, 2012 | by

Microsoft to patch Flash hole in Windows 8 shortly

h-online: Microsoft has confirmed that it will deliver a security update for the bundled version of Flash Player used by Internet Explorer 10 (IE10) sooner than previously planned. In a statement sent to ZDNet, Yunsun Wee, Trustworthy Computing Director at Microsoft, said that the company is working closely with Adobe on an updated version of…

Read More

September 12, 2012 | by

Adobe Flash Player update patches six critical holes

h-Online: Adobe has released the second update for its Flash Player software in a week, this time for six critical vulnerabilities. Four of the issues addressed are problems with memory corruption that could lead to remote code execution; additionally, the update fixes an integer overflow vulnerability that could also lead to remote code execution. Another…

Read More

August 23, 2012 | by

Adobe Flash Player 11.3.300.270 for Windows released to address a crash

Adobe wrote: Today, Flash Player 11.3.300.270 for Windows was released to address a crash that was occurring in the Adobe Flash Player Update Service (FlashPlayerUpdateService.exe).  There are no other fixes or changes provided with this build.  This release is available for Windows only, and affects the Active X and Plug-in installers, uninstaller, and msi’s (available…

Read More

August 3, 2012 | by

Worth Reading: Escape from Adobe’s sandbox

Adobe Reader X runs in a sandbox at a very restricted privilege level. Important system calls are supposed to be handled by a special broker process that will subject them to extensive testing. However, a small design flaw allows attackers to escape from this sandbox and execute arbitrary code – despite having both ASLR (Address…

Read More

June 25, 2012 | by

Sandboxed Flash Player for Firefox: Adobe Flash update closes several critical holes

The H-Online: Adobe has announced the release of an update for Flash Player on Windows, Mac, Linux, Android 3.x and 4.x, and within its own AIR runtime. The update addresses several critical vulnerabilities which involve memory corruption, stack overflows, integer overflows, security being bypassed, null dereferencing and binary planting (DLL hijacking). All, except the security…

Read More

June 9, 2012 | by

Adobe Flash Player update closes critical object confusion hole

The H-Online: Adobe has released a security advisory relating to an object confusion vulnerability which allows an attacker to crash the player or take control of an affected system. Adobe says that there are reports of this vulnerability being exploited in the wild as part of targeted email-based attacks which trick the user into clicking…

Read More

May 5, 2012 | by

Adobe Creative Suite 6 takes to the cloud

Cross-posted from BetaNews.com: Adobe took the wraps off Creative Suite 6 on Monday, introducing the largest release to date of the content-creation platform. CS6 now includes up to 12 programs and two companion applications, Bridge and Encore, and is available in four editions: Design Standard, Design and Web Premium, Production Premium, and Master Collection. The…

Read More

April 23, 2012 | by