Articles about Adobe

50 shades of grey can turn Adobe Reader into a hot mess

Hackers can duck antivirus programs and execute malware in Adobe Reader by using greyscale images, says Danish security boffin Dénes Óvári. Lossy compression is thought to be susceptible to the DCTDecode filter, which should nuke malware woven into images and blunt this form of attack. However new intelligence published in the …
Darren Pauli, 03 Mar 2015

Adobe goes out of band to fix frightful Flash flaw

Adobe has issued an out-of-band fix to address what the company warns is an actively-targeted vulnerability in its Flash media plug-in. The company said that the Flash update would address a remote code execution vulnerability present in the Windows, OS X, and Linux versions of Flash Player. Users running Chrome and …
Shaun Nichols, 05 Feb 2014

Cortana, remind me to patch Windows, IE, and Adobe gear next Tues

Microsoft will release eight security updates next Tuesday to squash remote-code execution bugs in Windows and Internet Explorer among other flaws. Meanwhile, Adobe will issue new versions of Acrobat and Reader for this month's Patch Tuesday. Two of the security updates from Microsoft are rated as critical because they allow …
Shaun Nichols, 09 May 2014

Adobe Flash: The most INSECURE program on a UK user's PC

Adobe Flash Player was the most insecure program installed on UK computer users PCs throughout the second quarter of 2014, according to stats from vulnerability management firm Secunia. Nearly seven in 10 (69 per cent) UK PC users were found to have an end-of-life version of Adobe Flash Player 13 installed during Q2 2014. Users …
John Leyden, 10 Jul 2014

Adobe spies on reading habits over unencrypted web because your 'privacy is important'

Adobe confirmed its Digital Editions software insecurely phones home your ebook reading history to Adobe – to thwart piracy. And the company insisted the secret snooping is covered in its terms and conditions. Version 4 of the application makes a note of every page read, and when, in the digital tomes it accesses, and then …
Iain Thomson, 08 Oct 2014
bug on keyboard

Didn't you know? Today's Patch Thursday! Adobe splats hijack bug in Shockwave Player

Adobe has updated its Shockwave Player to close a security hole that could allow hackers to hijack vulnerable Windows and OS X computers. The Photoshop giant said version 12.1.150 will address a flaw that enables an attacker to potentially remotely control a targeted system: a malicious file opened by Shockwave could exploit a …
Shaun Nichols, 13 Mar 2014

Adobe blames 'maintenance failure' for 27-hour outage

Adobe has blamed a maintenance failure for the 27-hour outage in its Creative Cloud suite that left video and photo editors unable to log into online services. “The failure happened during database maintenance activity and affected services that require users to log in with an Adobe ID,” Adobe said in a blog post apologising for …
Office 365 video portal

Microsoft adds video offering to Office 365. Oh NOES, you'll need Adobe Flash

Microsoft has added a video portal to Office 365, enabling users to upload and share videos. The service will be in preview soon, and available to all customers with the right kind of subscription in early 2015. So what is the point, when YouTube does this so well? The idea is to manage internal videos with permissions based on …
Tim Anderson, 19 Nov 2014

Buggy software in need of patching? Hey, we got that right here – Adobe

Adobe has released a batch of scheduled security fixes to address critical flaws in its Flash Player and ColdFusion products. The company said the updates will tackle a pair of security vulnerabilities in the two platforms which could be exploited remotely by attackers. For Flash Player, the update applies to Windows, Linux and …
Shaun Nichols, 13 Nov 2013

Microsoft hacks out new EMET, spits out Adobe Flash

Microsoft has emitted a new version of EMET – its Enhanced Mitigation Experience Toolkit. Redmond often recommends deployment of EMET as a frontline defence against attacks, so the release of a new version is noteworthy. The big two enhancements that Microsoft is talking up the loudest are an improved Attack Surface Reduction ( …
Simon Sharwood, 04 Aug 2014
LG Optimus 2X

Android busted for carrying Fake ID: OS doesn't check who really made that 'Adobe' plugin

Google Android allows malware to masquerade as legit, trusted apps thanks to weaknesses in the way the operating system checks digital certificates of authenticity. The flaw, dubbed Fake ID by its discoverers at Bluebox Security, affects all versions of Android from 2.1 (released in 2010) up to Android 4.4. Although Google …
Iain Thomson, 29 Jul 2014

Still using ColdFusion? Really? Well, you'll want to install this patch

Adobe is advising users and administrators running ColdFusion to patch their software following the release of a security fix for an information disclosure vulnerability. The ColdFusion HotFix addresses a vulnerability in the handling of XML data for ColdFusion 10 and 11. Both patches address a single CVE-listed security …
Shaun Nichols, 27 Aug 2015
Borked computer keyboard

Adobe users' purloined passwords were PATHETIC

Adobe's security breach just got worse for the company and the world, after a security researcher revealed that 1.9 million of the company's customers us the string “123456” as their password. The researcher in question is Jeremi Gosney of the Stricture Group, whose Twitter profile claims The Reg has in the past labelled him a “ …
Simon Sharwood, 05 Nov 2013
Oracle headquarters

Done with Microsoft and Adobe patches? Good, here's Oracle's load

Oracle is piling on this month's Patch Tuesday with a collection of security fixes for 16 of its enterprise software platforms. Among the massive wad of updates will be a package of 25 bug fixes for Java SE, 22 of which are remotely exploitable without authentication and 12 of which allow an attacker to take complete control of …
Shaun Nichols, 15 Oct 2014
bug on keyboard

Patch Tuesday brings Microsoft fixes and Adobe Shockwave update

Microsoft and Adobe have delivered the February edition of their monthly security updates. The two firms kicked off the second Patch Tuesday of the year by each releasing fixes for critical vulnerabilities that could allow for remote code execution. For Microsoft, the monthly release consists of six bulletins which address a …
Shaun Nichols, 12 Feb 2014
The Register breaking news

Adobe marketing cloud now to rain spam following Neolane slurp

Adobe has said that it will slurp up digital marketing software firm Neolane into its marketing cloud for $600m in cold, hard cash. Neolane, which operates a software platform for managing digital marketing campaigns across web, email, social and other channels, will be shoved into the Adobe Marketing Cloud, the firm said. The …

Patch Tuesday: Adobe outdoes Microsoft, swats 18 bugs in latest update

Administrators and end users are being advised to update their systems following a set of Patch Tuesday releases from Microsoft and Adobe, which address more than 30 security flaws combined. Adobe said that its monthly update will include patches for its Flash, Reader, and Acrobat platforms, as well as an update for Illustrator …
Shaun Nichols, 13 May 2014

A-D'OH!-BE: Adobe hit by 'sophisticated' MEGA HACK RANSACK

Adobe's systems have been hit by numerous "sophisticated attacks" that have compromised the information of 2.9 million customers, and accessed the source code of Adobe products. The company said on Thursday that it has been the victim of a major cyberattack and said hackers had accessed those millions of customer IDs and …
Jack Clark, 03 Oct 2013
The before and after effects promised by Dove's fake Photoshop action

Adobe all smiles as beret bods spaff cash on non-cloud Creative Suite

A late rally from Adobe customers wanting to buy software on a perpetual license before that option closed this month, coupled with a swelling base of cloudy converts, helped boost the developer's coffers in its fiscal second quarter. Adobe turned over $1.07bn in revenues in the three-month period ended 30 May, up from $1.01bn a …
Paul Kunert, 18 Jun 2014
Facebook logo

Facebook makes Adobe fans change their horrible, horrible passwords

Facebook has scanned millions of email address and password pairs hackers dumped online from Adobe's user account database – so that it can force its social networkers to change their passwords if they used the same logins details for both websites. Late last month, Adobe warned of "sophisticated attacks" on its network in which …
Shaun Nichols, 12 Nov 2013

Security holes in Word, the Windows kernel and Adobe Flash. Party like it's Patch Tuesday again

Flaws in Microsoft Word and Office Web Apps that allow hackers to execute malicious code on vulnerable systems have been fixed in Redmond's latest monthly batch of security bug fixes. In addition, two bugs at the kernel level of Windows XP and 7, and Server 2003 and 2008 R2, allow logged-in attackers to escalate their privileges …
Shaun Nichols, 15 Jan 2014
Disney's Beagle Boys

Three million Adobe accounts hacked? Sorry, make that 38 MILLION

Remember that Adobe security breach earlier this month that leaked the account records of some 3 million customers? Scratch that: the actual number hacked was at least 38 million, it has emerged. In early October, Adobe warned of "sophisticated attacks" on its network in which hackers gained access to data for what was then …
Neil McAllister, 30 Oct 2013

Apple, Google, Intel, Adobe, settle employee-fiddling class action suit

A series of secret pacts among some of the biggest employers in Silicon Valley to cheat their staffers could turn out to be a rather expensive mistake, with Apple, Google, Intel, and Adobe now agreeing to settle the antitrust class-action lawsuit out of court. "This is an excellent resolution of the case that will benefit class …
Iain Thomson, 25 Apr 2014
Adobe Photoshop Mix

EXPLICIT PICS: We take you inside Adobe's Creative Cloud update

Adobe has announced a revamp of its Creative Cloud suite, updating 14 core apps and adding new mobile apps and hardware too. Adobe Ink and Slide Adobe Ink and Slide hardware for iPad made in collaboration with Adonit Despite bringing many a creative business to its knees last month with its Adobe ID authentication snafu, …
Bob Dormon, 18 Jun 2014
Man wrinkles his eyes in an expression of pain, annoyance or dsicomfort

Adobe Creative Cloud 2014: Progress and pain in the usual places

Comment Remember when software product upgrades were a big thing? Balloons, keyrings, parties? Today, they’re slipped under the door furtively like a pizza takeaway price list. And so it is with Adobe’s announcement today of what’s new in Creative Cloud: lots of PR singing by email, but no actual dancing seems to be taking place. When …
Alistair Dabbs, 19 Jun 2014
The Register breaking news

Adobe squashes TWO critical Flash vulnerabilities with emergency patches

Adobe published a critical Flash Player update on Tuesday to fix three exploits, two of which are under active attack by hackers. Two of the three vulnerabilities are being used by nefarious folk, Adobe said, and one of these two explicitly targets the Firefox browser. Adobe introduced the Flash Player sandbox a year ago to …
Jack Clark, 27 Feb 2013

New Flash vuln exploited (again). Adobe posts emergency fix (again)

Adobe has released an update to address critical flaws in its Flash Player software, one of which is being actively targeted in the wild. The company said that the Windows and Mac OS X builds of Flash Player and earlier, and Flash Player and earlier for Linux, must be upgraded to fix a trio of bugs. Adobe …
Shaun Nichols, 20 Feb 2014

Adobe scrambles to revoke stolen cert

Adobe has revealed an attack that compromised some of its software development servers, resulting in its code signing certificate being used to disguise malware as Adobe software. The attackers compromised a build server, Adobe says in this statement, which had “access to the Adobe code signing infrastructure”. The build server …
The Register breaking news

Patch Tuesday deja vu: Adobe patches Flash ... again

Adobe yesterday released a Flash Player update just one week after its patch Tuesday release, providing a bit of extra hassle for admins for the second Tuesday in a row. The latest (APSB12-19) update for Adobe Flash and Adobe AIR addresses six cross-platform flaws in Adobe Flash Player for Windows, Mac OS X, Linux and Android …
John Leyden, 22 Aug 2012

Pawn Storm attack: Flash zero-day exploit hits diplomatic inboxes

Hackers behind a long-running cyber-espionage campaign have begun using a new Adobe Flash zero-day exploit in their latest campaign. The attackers behind Pawn Storm targeted several foreign affairs ministries from around the globe using a Flash-based attack, Trend Micro reports. The targets received spear phishing emails that …
John Leyden, 15 Oct 2015
A storm is brewing (Mali, Sahel). Foto: F. Guichard & L. Kergoat, AMMA project, CNRS copyright.

Adobe's Creative Cloud fails at being a cloud

The file-syncing part of Adobe's new Creative Cloud family of technologies has been intermittently broken for a week, taking the "cloud" part out of Adobe's "Creative Cloud" redesign of its products. Now Adobe is suspending it "for the next couple of weeks" to make updates. The sync feature, which means files being fiddled with …
Jack Clark, 17 May 2013
The Register breaking news

Adobe plugs up buffer overflow holes in Shockwave update

Adobe released a patch for its Shockwave Player software on Tuesday, addressing six security vulnerabilities that might easily lend themselves to malware-pushing exploits. Shockwave Player and earlier versions on both Windows and Mac need updating to the latest version: Shockwave Player Adobe said it was …
John Leyden, 24 Oct 2012
The Register breaking news

'Better than Adobe' Foxit PDF plugin hit by worse-than-Adobe 0-day

A new security bug in the popular Foxit PDF reader plugin for web browsers allows miscreants to compromise computers and install malware. There's no patch for this zero-day vulnerability. Italian security researcher Andrea Micalizzi discovered that the latest version of the software crashes if users are tricked into clicking on …
John Leyden, 11 Jan 2013
The Register breaking news

Adobe investigating attacks on PDFs using zero-day flaw

Vulnerability researchers at FireEye are reporting that Adobe's Reader software has a zero-day flaw that hackers are already exploiting in the wild. FireEye flaw You've been pwned (click to enlarge) The flaw is found in Adobe Reader 9.5.3, 10.1.5, and 11.0.1 and involves sending a specially crafted file to the target. …
Iain Thomson, 14 Feb 2013

Angler plonks August's Flash feeding frenzy into its boat

Crooks behind the world's worst exploit kit, Angler, have added the latest Adobe Flash vulnerabilities to the suite's long list of attack vectors. Angler now sports support for some of the 35 Flash player holes detailed and patched last month that includes eight memory corruption flaws and five type confusion bugs. French …
Darren Pauli, 07 Sep 2015
Stella Artois: Queens Tennis Championship. Artwork by for The Guardian

(Re)touching on a quarter-century of Adobe Photoshop

Feature Nothing proves the popularity of a star product more than its name being used as a verb. Rival companies hate it, but carpets get Hoovered, wrapping paper gets Sellotaped. And what do you do to a photo? A poorly Photoshopped picture can arouse horror or derision, while a half-decent one can become an internet phenomenon. Think …
Alistair Dabbs, 19 Feb 2015
The Register breaking news

Adobe punts fix for Reader, Acrobat holes battered by PC, Mac hackers

Adobe has pushed out an emergency security update for its PDF viewing software Reader and Acrobat to plug zero-day vulnerabilities that emerged last week. The cross-platform update, issued yesterday, addresses flaws that were being actively exploited by miscreants to compromise and take over Microsoft Windows and Apple Mac OS X …
John Leyden, 21 Feb 2013

Read the Economist last weekend? You may have fetched more than just articles (yup, malware)

Third bathroom reading material The Economist served malware from its website via the compromised PageFair network. The biz mag today alerted readers that it put their PCs at risk last weekend. "If you visited at any time between Oct. 31, 23:52 GMT and 01:15 GMT, Nov. 1, using Windows OS and you do not have …
Shaun Nichols, 06 Nov 2015
The Register breaking news

Adobe Reader 0-day exploit surfaces on underground bazaars

Miscreants have reportedly discovered a zero-day vulnerability in latest version of Adobe Reader. Exploits based on the vulnerability, which circumvents sandbox protection technology incorporated into Adobe X and Adobe XI, are on sale in underground forums. Pricing starts at a hefty $30,000 but the exploit has already made its …
John Leyden, 08 Nov 2012

In 2015, your Windows PC can be owned by opening a spreadsheet

Microsoft and Adobe have pushed out their scheduled monthly security updates, with familiar names like IE and Flash once again getting critical fixes. For Redmond, the October update brings fixes for 33 CVE-listed security vulnerabilities. The updates include a cumulative fix for Internet Explorer and patches to address …
Shaun Nichols, 13 Oct 2015

Flash deserves to live, says Cisco security man

Don't kill Flash; that's the message from Cisco security veteran John Stewart who says the Adobe team have put in the hard yards into reforming security and needs to weather the current bug storm. The advice follows a call for the ravaged runtime to be expunged from the digital world by former Yahoo-cum-Facebook security man …
Darren Pauli, 31 Jul 2015
Adobe Flash installer

Trouble comes in threes: Yet ANOTHER Flash 0-day vuln patch looming

Adobe plans to patch Flash yet again after yet another zero-day vulnerability in the web video software leaves PCs prone to hijacking. The PSA15-02 security advisory details a security hole that hackers are already exploiting to compromise vulnerable systems. An upcoming update to squash the critical bug makes it three patches …
John Leyden, 02 Feb 2015

Flash HOLED AGAIN TWICE below waterline in fresh Hacking Team reveals

Updated Two more serious Adobe Flash vulnerabilities have emerged from the leaked Hacking Team files, ones which allow malefactors to take over computers remotely – and crooks are apparently already exploiting at least one of them to infect machines. The use-after-free() programming flaws, for which no patches exist, are identified as …
Chris Williams, 12 Jul 2015

New Flash flaw lets you beat White House and NATO security

Don't ignore the next emergency Flash Player update you receive: it might be trying to fix yet another vulnerability in the chronically-insecure plug-in. According to Trend Micro, the vulnerability is already being used by Pawn Storm in phishing attacks against a variety of governments. Trend's analysts reckon the zero-day …

FLASH MUST DIE, says Facebook security chief

Newly-minted Facebook security chief Alex Stamos has called for Adobe Flash to be taken out behind the shed by a shotgun-wielding world. The former Yahoo! security head joined Menlo Park this year and over the weekend said in two Tweets that it is time the death knell chimed for the Adobe's much-hacked tool. "It is time for …
Darren Pauli, 14 Jul 2015
The Register breaking news

Rid yourself of Adobe: New Firefox 19.0 gets JAVASCRIPT PDF viewer

Mozilla's Firefox web browser now includes a built-in PDF viewer - allowing users to bin plugins from Adobe and other developers. The move to run third-party PDF file readers out of town comes after security holes were discovered in closed-source add-ons from FoxIt and Adobe. The new built-in document viewer is open source, just …
Anna Leach, 20 Feb 2013
Flash disabled screen grab

Amazon to trash Flash, as browsers walk away

Amazon – the retail juggernaut, not the cloud juggernaut – has flicked Flash ads citing the increasing number of ways they're blocked at the browser as its reason. Driven at least in part by others' reaction to chronic insecurity in the plug-in-platform, Amazon says it will no longer accept advertisements that use Flash after …

Oracle plugs flaw used in attacks on NATO and the White House

Oracle has crushed a critical click-to-play vulnerability attackers used in the NATO-busting hacking operation known as Pawn Storm, Trend Micro threat analyst Jack Tang says. The patch is part of a run of 154 fixes from Big Red including 25 for the ravaged Java runtime. The fix will either irk or amuse the sophisticated …
Darren Pauli, 21 Oct 2015
The Register breaking news

Adobe spurts spackle* into Flash's gaping holes

Adobe has updated its Flash Player software ahead of schedule to head off crooks exploiting critical vulnerabilities uncovered in the product. The flaws were reported by Google's security team. The cross-platform upgrade includes new builds of Flash for Windows, Mac OS X, Linux and Android-powered smartphones. Adobe AIR on …
John Leyden, 07 Nov 2012

Users grumble after Adobe cancels Acrobat X Suite

Adobe has cancelled its Acrobat X Suite – launched just 18 months ago - and now recommends its customers acquire a more expensive product. The company has buried slipped a statement about the cancellation of the suite into its FAQ for Acrobat. The suite bundled Adobe Acrobat X Pro, Designer ES2, Photoshop CS5, Adobe Captivate 5 …
Simon Sharwood, 18 Oct 2012