Articles about Adobe

Shocker: Adobe patches critical Shockwave remote hijack hole

Adobe has patched a critical vulnerability in the Shockwave player that could compromise hundreds of millions of machines. The company brags that some 450 million users run the vulnerable platform and should manually update through the Adobe website. The memory corruption hole (CVE-2015-7649) allows attackers to compromise …
Darren Pauli, 29 Oct 2015

Adobe releases out-of-band security patches – amazingly not for Flash

Today, Adobe released important patches for some of its other products – people still using Flash can stand down, however. Web app development kit ColdFusion has a couple of patches for versions 10 and 11 for holes that could be exploited to pull off cross-site scripting attacks. Meanwhile, BlazeDS server-side software has …
Iain Thomson, 17 Nov 2015

Adobe to brick eight Acrobat, Reader flaws next Tuesday

Adobe will be brick over eight holes in a patch run next week. Acrobat will receive the lion's share of fixes; these include Acrobat DC, Reader DC, and XI. Adobe Reader X and XI will each receive a patch for versions 10.1.15 and 11.0.12 respectively. All patches apply to Windows and Mac offerings. The advanced notification …
Team Register, 09 Oct 2015

Dum dum dum - another cloud bites the dust (Adobe's photo cloud)

Adobe's announced it will close Revel, its Flickr-like cloudy photo storage service. The company's announced that the service will close its doors on February 23rd, 2016. Users are being herded towards encouraged to instead adopt Adobe's US$9.99/£8.57 a month Creative Cloud Photography offering. Adobe's telling Revel users …
Darren Pauli, 24 Nov 2015

Kill Flash: Adobe says patch to fix under-attack hole still days away

Just a day after its monthly batch of security updates, Adobe has confirmed it will issue an emergency critical patch for Flash next week. With somewhat regrettable timing, given Adobe's patching cycle, Trend Micro's security researchers announced on Tuesday that it had discovered in the plugin a vulnerability, CVE-2015-7645, …
Iain Thomson, 15 Oct 2015

Adobe pays US$1.2M plus settlements to end 2013 breach class action

Adobe has paid an undisclosed amount to settle customer claims and faces US$1.2 million in legal fees after its 2013 data breach which compromised the details of 38 million users. The creative content king was served a November 2013 class action lawsuit filed in California in which it is claimed "shoddy" security practises …
Darren Pauli, 17 Aug 2015

VMware warns of info leaks flowing from Apache-Adobe mess

VMware has warned users of its vCenter, vCloud Director and Horizon products that they need to patch a flaw in Flex BlazeDS. The flaw, CVE-2015-3269, means Apache Flex BlazeDS “allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity …
Simon Sharwood, 19 Nov 2015

Get ready: 'Critical' Adobe Reader patches coming on Tuesday 12 May

Adobe has pre-announced plans to release cross-platform security updates for Adobe Reader and Acrobat next Tuesday (12 May). Windows and Mac versions of Adobe Reader XI (11.0.10, 10.1.13) as well as Adobe Acrobat XI (11.0.10, 10.1.13) will all need patching against (unspecified) critical vulnerabilities in the software. Adobe …
John Leyden, 08 May 2015

Good news: Adobe bangs out Flash patch fast. Bad news: Google's defenses were useless

Adobe's security engineers have pulled out all the stops to release a patch for a shocking vulnerability in Flash much earlier than expected. On Tuesday Trend Micro published details of a bug in all versions of the Flash player for Mac and PCs, and some Linux builds. The flaw is being actively exploited in the wild, Trend said …
Iain Thomson, 16 Oct 2015

GET PATCHED: Adobe plugs Hacking Team Flash holes and more

Adobe has released patches for its Flash software to fix a pair of critical security vulnerabilities exposed by the Hacking Team megabreach. The bugs can be exploited to hijack PCs and infect them with malware – and crooks are already doing just that, so apply the updates now. The security bulletin for Adobe Flash Player ( …
John Leyden, 14 Jul 2015
Big popes, images via Shutterstock

Adobe names ex Microsoft and Oracle bod as cloudy pipe CTO

If you need some cloud plumbing, who you gonna call? Well, for Adobe, it's seemingly Abhay Parasnis. The US multinational software developer has picked Parasnis – a former Microsoft and Oracle exec who claims responsibility for critical infrastructure and activities floating those giants' public clouds – as its chief …
Gavin Clarke, 21 Jul 2015
Adobe Creative Cloud

Adobe: Flash, pah. Look, we're doing just fine in the cloud, thank you

Adobe has reported better-than-expected earnings for the first quarter of 2015 ahead of what it called are strong financial figures. The Silicon Valley stalwart reported haul of $1.11bn in revenues and earnings per share of $0.44, well ahead of analysts' $0.39 estimates. Over the quarter customers downloaded 30m apps and piled …
Shaun Nichols, 17 Mar 2015
Flash patch

Hackers exploit fresh PC hijack bug in Adobe Flash Player, the internet's screen door

Adobe is advising users and administrators to patch its Flash Player after yet another remote-code execution vulnerability was discovered in the plugin. The patch fixes bug CVE-2015-3113, which allows attackers to take control of a system if it opens a malicious Flash file. Miscreants are exploiting the flaw in the wild to …
Shaun Nichols, 23 Jun 2015

Dead Steve Jobs' Silicon Valley wage-rigging plot costs Apple, Google, Adobe, Intel $415m

Apple, Google, Adobe, and Intel's $415m settlement with Silicon Valley techies over wage-fixing accusations has been formally approved by a judge. On Thursday, Judge Lucy Koh, sitting in the northern district court of California, gave her approval [PDF] to a deal that will see the tech giants compensate workers for potential …
Shaun Nichols, 03 Sep 2015

Microsoft enlists web security pariah Adobe to help build Internet Explorer-killer Spartan

Microsoft has revealed it's working with Adobe on some aspects of project Spartan, its replacement browser that will confine Internet Explorer to the Antique Code Show. When one contemplates Adobe's contribution to browsers, it's hard not to think of the carnage its Flash plugin has wrought with a seemingly never-ending …
Simon Sharwood, 25 Mar 2015

Adobe patches Flash dirty dozen, ignores 155 in Shockwave shocker

Adobe has patched nearly two dozen vulnerabilities in its Flash player including 16 that lead to code execution but is still serving flawed versions with hundreds of holes as part of its Shockwave bundle. The Flash vulnerabilities patched yesterday affect Windows, Mac, and Linux as part of the version 19.x updates. It …
Darren Pauli, 22 Sep 2015

Adobe lifts sheet on Dropbox-style doc sharing cloud

Adobe has unveiled a Dropbox and Box-esque document sharing and collaboration cloud that plugs into Microsoft Office 365. Adobe Document Cloud will let you create, edit and sign documents electronically through a mobile- and touch-enabled interface, built using its software. Adobe reckoned its new cloud, the firm’s third after …
Gavin Clarke, 17 Mar 2015

Decision time: Uninstall Adobe Flash or install yet another critical patch

Adobe has issued yet another update for Flash Player to patch a critical vulnerability revealed in documents leaked from spyware maker Hacking Team. The update patches 36 CVE-listed flaws, including the hacking Team's CVE-2015-5119 bug – which can be exploited by a malicious Flash file to run malware on a victim's system. Some …
Shaun Nichols, 08 Jul 2015
Wall St bull image via Shutterstock

Wall Street turns off music at Adobe results after-party

Financial analysts last night ejected everyone from Adobe’s party prematurely as weaker-than-expected forecasts for the current quarter eclipsed the good progress made in cloud services, causing a share dip. The Creative Suite developer reported a 21 per cent bounce in turnover to $1.22bn in its Q3 of fiscal ’15 ended ended 28 …
Paul Kunert, 18 Sep 2015

Adobe to hire security auditor to prevent repeat of password SNAFU

Australia's privacy commissioner says basic mistakes at Adobe allowed hackers to ransack its customer database in 2013, and reveals that the company plans to appoint auditors to make sure it won't experience a repeat of the breach. Timothy Pilgrim, holder of the privacy commissioner's office, yesterday released a report [PDF] on …
Simon Sharwood, 09 Jun 2015
Bug bounties

Adobe launches cashless bug bounty

Adobe has launched a bug bounty program that hands out high-fives, not cash. The web application vulnerability disclosure program announced today and launched last month operates through HackerOne used by the likes of Twitter, Yahoo!, and CloudFlare, some of which provide cash or other rewards to those who disclose security …
Darren Pauli, 06 Mar 2015

Adobe finds, patches ANOTHER exploited Flash 0day

Another exploited zero-day vulnerability has been uncovered and patched in Adobe Flash, 24 hours after a second flaw in the popular web trinket was found being used in attack kits. Adobe is examining yesterday's zero day, picked up by French researcher Kafeine who spotted it after analysing a version of the popular Angler …
Darren Pauli, 23 Jan 2015
Homer Simpson reading on a tablet

Adobe: We REALLY are taking Flash security seriously – honest

Adobe insists it is working hard to boost the security defenses in its pilloried Flash Player. The Photoshop giant, based in San Jose, California, says it is making an "extensive" push to secure its plugin before another wave of vulnerabilities are revealed in the software. We're told that, as a result of "recent developments …
Chris Williams, 14 Jul 2015

The roots go deep: Kill Adobe Flash, kill it everywhere, bod says

Fortinet security researcher Bing Lui has warned users that they can still be p0wned if they only disable Adobe Flash in web browsers. Lui's warning speaks to advice last week that users dump Flash to bolster security in the wake of the public disclosure of three zero day vulnerabilities (CVE-2015-5122. CVE-2015-5123, and CVE- …
Darren Pauli, 21 Jul 2015

Adobe Flash fix FAIL exposes world's most popular sites

Hackers Luca Carettoni and Mauro Gentile found a badly-applied four-year-old Adobe patch allows attackers to steal information and commandeer accounts for three of the world's top ten websites and 'many' others. The LinkedIn and Minded Security researchers say the indirect Same-Origin-Policy Request Forgery and Cross-Site …
Darren Pauli, 24 Mar 2015

Still using Adobe Flash? Oh well, get updating: 15 hijack flaws patched

People still using Adobe Flash should update the plugin after the Photoshop giant patched 15 remote-code execution holes in its screen-door software. If hackers aren't already exploiting all these holes in the wild, they soon will be. The remote-code exec bugs allow miscreants to hijack vulnerable Windows, OS X and Linux …
Shaun Nichols, 05 Feb 2015

End in sight for Google, Apple, Intel and Adobe wage-fixing lawsuit

An end to the four-year legal battle against Google, Apple, Intel and Adobe for alleged wage-fixing is in sight, with a judge having set a final hearing date for the proposed $415m (£270m) settlement. Last month Google, Apple, Intel and Adobe offered to pay out $415m to make the case go away. The companies made the new offer …
Kat Hall, 03 Mar 2015

Google, Adobe barricade Flash against hacker hordes – we peek inside

Google's team of computer security gurus have described the anti-hacker defenses they've helped Adobe add to Flash Player. It's hoped that these mechanisms will thwart or frustrate miscreants' attempts to exploit programming bugs in the software, and thus hopefully prevent attackers from hijacking victims' PCs and Macs. The …
Chris Williams, 17 Jul 2015

Patch Flash now: Google Project Zero, Intel and pals school Adobe on security 101

Hot on the heels of Microsoft's Patch Tuesday release, Adobe has published security fixes for its Flash Player browser plugin. The March 12 update for the internet's screen door addresses 11 CVE-listed vulnerabilities. Adobe is listing the patch as a top deployment priority for Windows, OS X and Linux systems. Among the flaws …
Shaun Nichols, 12 Mar 2015

Adobe, Level 3 drive a stake through heart of vid-stream creature before it attacks again

The US Patent and Trademark Office has torn up parts of a video-streaming technology patent used against Adobe and Level 3 Communications in a patent-infringement legal scrap. The office's Patent Trial and Appeal Board has invalidated chunks of patent 5,995,091, which describes a "system and method for streaming multimedia data …
Shaun Nichols, 14 Apr 2015

KILLER! Adobe Flash, Windows zero-day vulns leak from Hacking Team raid

Updated Confidential source code stolen from Hacking Team, and subsequently leaked online, has revealed new and extremely serious software vulnerabilities that are exploited by the spyware maker to infect victims' computers. The security holes are used to inject malicious code into PCs; that code installs surveillance tools to monitor …
Chris Williams, 07 Jul 2015

Adobe and software pals haul Forever 21 to court over piracy allegations

A trio of software firms is taking a large US-based fashion retailer to court for allegedly pirating their software. Adobe, Autodesk and Corel claim that clothes bazaar Forever 21 infringed their copyright by illegally copying a raft of well-known software tools and not paying license fees. Forever 21 is a $3.8bn retailer with …
Gavin Clarke, 02 Feb 2015
Adobe security

Critical Adobe Reader and Acrobat patches FINALLY make it out

Adobe belatedly pushed out critical updates for its frequently-attacked Reader and Acrobat PDF software packages on Tuesday. Mac and Windows users of Adobe Reader XI (11.0.08) and earlier versions should update to version 11.0.09. Adobe Reader X (10.1.11) users who can't upgrade are being offered a patched version of the earlier …
John Leyden, 17 Sep 2014

Adobe swallows Aviary, hopes to stuff Creative Cloud into mobes

Adobe has gulped down editing app firm Aviary to beef up its mobile image-fiddling software with an eye on the professional crowd. Scott Preston, veep of the products community, said in a blog post that very little professional editing was done on mobile devices these days – and Adobe is hoping to change that. “While mobile has …

Everyone taking part in Patch Tuesday step forward. NOT SO FAST, Adobe!

Adobe has pushed back the release date for a planned security fix in Acrobat and Reader. The company said that the patch for both Windows and OS X versions of Reader and Acrobat due for tomorrow will instead arrive next week. The delay will give the company time to iron out problems spotted during testing, the company said in …
Shaun Nichols, 09 Sep 2014
Adobe security

Second time's a charm: Adobe has another go at killing Flash hijack flaw

Ready to enjoy the Thanksgiving holiday? Can't wait to open your advent calendar? Not so fast – there's one more patch to install before the month is over. Adobe has posted an update for its Flash plugin, version, to address a critical remote-code-execution vulnerability. This will be the Photoshop giant's second …
Shaun Nichols, 25 Nov 2014

Another day, yet another emergency Adobe Flash patch. Because that's how we live now

The new year hasn't been a pleasant one for Adobe: the Silicon Valley firm has scrambled to close yet more serious security holes in its Flash player. Last week the Photoshop biz rushed out a patch for a critical flaw in Flash that miscreants were exploiting in the wild to hijack victims' computers. Today, a new update has been …
Iain Thomson, 27 Jan 2015
Sorry we're closed

Adobe axes R&D lab in China, insiders blame mandarins and pirates

Adobe is closing the doors of its research and development facility in China – and some within the biz are reportedly blaming the recalcitrant attitude of the Chinese government for the move. "The overall climate in China against Western enterprises has been quite negative and that's one of the major reasons," the anonymous …
Iain Thomson, 25 Sep 2014
Adobe security

You've got three days to patch Adobe Flash, Air, Reader

Adobe has patched seven vulnerabilities in its Flash and Air platforms and one in Reader and Acrobat that is being exploited by attackers. The vulnerabilities could allow attacker to "take control of affected systems" dubbed critical by the company. Administrators were urged to apply the updates within three days on Windows, …
Darren Pauli, 13 Aug 2014
Adobe Flash installer

Drink me: Adobe pours Flash Player bug squash

Adobe is pushing out a cross-platform security fix for a bug in its Flash Player that miscreants are already exploiting. Windows users running Adobe Flash Player and earlier need to update it following the discovery of a zero-day attack. "Adobe is aware of reports that an exploit for CVE-2014-0515 exists in the wild …
John Leyden, 28 Apr 2014

Adobe spies on readers: EVERY DRM page turn leaked to base over SSL

Adobe has tweaked its Digital Editions 4 desktop ebook reader to now encrypt the data it secretly sends back to headquarters – data that details a user's reading habits. Previously, information on every single tome accessed by Digital Editions 4 was phoned home unencrypted, allowing anyone eavesdropping on a network to intercept …
Iain Thomson, 23 Oct 2014
Adobe Shape vector art in position

Adobe unveils mobile app Cloud Atlas

Max 2014 Adobe’s Creative Cloud obsession hasn’t won over all its users, especially those with memories that stretch back as far as May this year when Adobe ID login credentials were refused in most parts of the globe. Yet the graphics behemoth has been busy joining the dots to make its Creative Cloud platform appear alluring to anyone …
Bob Dormon, 06 Oct 2014
Adobe Creative Cloud 2015

Adobe Creative Cloud 2015 launches – and gets Android in on the act

Pics Adobe has updated its Creative Cloud Suite for 2015, bringing enhancements and new features to 15 desktop applications and delivering tighter integration for its desktop and mobile users. Adobe has also let Android in on the mobile party with versions of Brush, Color, Ps Mix and Shape being made available to the platform for the …
Bob Dormon, 16 Jun 2015

Adobe CSO offers Oracle security lesson: Go click-to-play

Oracle could have saved mountains of cash and bad press if Click-to-Play was enabled before Java was hosed by an armada of zero day vulnerabilities, Adobe security boss Brad Arkin says. The simple fix introduced into browsers over the last year stopped the then zero day blitzkrieg in its tracks by forcing users to click a button …
Darren Pauli, 16 Oct 2014

Graphics pros left hanging as Adobe Creative Cloud outage nears 24 hours

Updated Adobe is struggling to correct a global outage that has already locked customers out of its Creative Cloud online services for nearly 24 hours. The Photoshop maker first tweeted that users were unable to login to their Adobe accounts at 2:22pm Pacific time on Wednesday, and the service was still offline as of 1pm on Thursday …
Neil McAllister, 15 May 2014
Apple's Aperture

Apple abruptly axes Aperture ... Adobe anxiously awaits arrivals

Apple is reportedly ending development of its Aperture photo-tweaking software. The iThing maker said on Friday, via The Loop, that it will be ending development of Aperture and, starting next year, migrating users to its Photos application. Designed as a pro counterpart for iPhoto, Aperture was introduced in 2005. The …
Shaun Nichols, 28 Jun 2014

Adobe appoints former Reg man as open-source chief mobile lead

Adobe, maker of such renowned proprietary products as Flash Player and Creative Suite, has hired a career open-sourcer to lead mobile marketing. Matt Asay has quietly been appointed Adobe’s vice president of mobile for the firm’s digital marketing business, The Reg has learned. He left his post as vice president of community at …
Gavin Clarke, 14 Nov 2014

Adobe Reader sandbox popped says Google researcher

The Acrobat Reader Windows sandbox contains a vulnerability that could allow attackers to break out and gain higher privileges, Google security bod James Forshaw claims. The NTFS junction attack is a "race condition" in the handling of the MoveFileEx call hook Forshaw said. While unpatched, subsequent September updates made the …
Darren Pauli, 27 Nov 2014
IE8 patch

Back-to-school Patch Tuesday: Critical updates for Internet Explorer, Adobe Reader

Microsoft is planning a light edition of Patch Tuesday for September with just four bulletins, only one of which covers critical vulnerabilities. But an upcoming Adobe critical update for its Reader software around the same time means sysadmins are still likely to have their hands full next Tuesday. The sole critical update for …
John Leyden, 05 Sep 2014

Adobe spies on readers: 'EVERY page you turn, EVERY book you own' leaked back to base

Updated Adobe's Digital Editions 4 ebook reader software collects detailed information about the reading habits of its users – and sends it back to the company in a format that's easy for others to slurp. An investigation by Nate Hoffelder of The Digital Reader blog showed that ADE 4 was collecting telemetry on which pages of ebooks …
Iain Thomson, 07 Oct 2014