On October 10, the Cybersecurity and Infrastructure Security Agency (CISA) updated the Known Exploited Vulnerabilities (KEV) catalog with five known software flaws. At the top of the list: A use-after-free vulnerability in Adobe’s Acrobat and Reader PDF-viewing applications that could allow code execution with the privileges of any user that clicked on a malicious file….

As part of its scheduled Patch Tuesday updates, Adobe documented 72 distinct security bugs and called special attention to code-execution defects in the widely deployed Adobe Acrobat and Reader software. In a critical-severity bulletin, Adobe documented at least 17 Acrobat and Reader bugs that expose unpatched Windows and macOS systems to arbitrary code execution and…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five new flaws to its Known Exploited Vulnerabilities Catalog, including a high-severity flaw (CVE-2023-21608) (CVSS score: 7.8) in Adobe Acrobat Reader. The flaw is a use-after-free issue, an attacker can trigger the flaw to achieve remote code execution (RCE) with the privileges of the current user….

Adobe warns customers of a critical ColdFusion pre-authentication remote code execution vulnerability, tracked as CVE-2023-29300 (CVSS score 9.8), that is actively exploited in attacks in the wild. “Adobe is aware that CVE-2023-29300 has been exploited in the wild in very limited attacks targeting Adobe ColdFusion,” reads a statement sent by the company to its customers….

Of the 26 security holes fixed in the Windows and macOS versions of Acrobat and Reader, 16 have been assigned a “critical” severity rating (high severity based on their CVSS score), and a majority are memory-related issues that can be exploited for arbitrary code execution. Four of these critical vulnerabilities — CVE-2021-44704 through CVE-2021-44707 —…

The flaws, rated critical, expose both Windows and MacOS users to code execution attacks, Adobe said in an advisory released Tuesday. The updates, available for Photoshop 2020 and Photoshop 2021, are being pushed via the software’s automatic updating mechanism. Adobe described the vulnerabilities as memory corruption issues with 7.8 CVSS scores. The company also shipped…

As part of its scheduled Patch Tuesday release, Adobe released fixes for 29 documented security vulnerabilities, some serious enough to expose users to code execution, security feature bypass, and privilege escalation attacks. The Adobe Magento patch lists 26 CVEs with severity ratings ranging from critical to important, according to an advisory from San Jose, Calif….

Building on previous research, white papers, and other projects from Adobe’s Security Intelligence Team, OSAS out-of-the-box allows researchers to experiment with datasets, control data processing and feature combining, and help identify a solution for detecting security threats. The new open-source project tackles the issue of data sparsity, which may appear when using machine learning (ML)…

In the Creative Cloud desktop application, Adobe fixed three flaws rated critical, including arbitrary file overwrite and OS command injection issues that can lead to code execution, and an improper input validation issue that can be exploited for privilege escalation. In its Connect product, the company addressed one critical input validation issue that can result…

A total of 17 vulnerabilities have been fixed with the release of Adobe Bridge 10.0.4 for Windows and macOS. The critical flaws have been described as stack-based buffer overflow, heap overflow, out-of-bounds write, use-after-free, and other memory corruption issues that can lead to arbitrary code execution. Three of the patched security holes, described as important…