Hackers attack weakness in Adobe's Flash Firefox plugin sandbox
It’s been a tough month for Adobe, which has had to release an out-of-band patch for the second time this month to address flaws affecting its sandboxing implementations.
Hackers are using a fake PDF version of a fresh report into Chinese military espionage for a spearphishing campaign that appears to be aimed at Chinese journalists and Japanese-speakers with connections to the media.
Adobe says it will release a patch this week for two previously unseen vulnerabilities that allowed hackers to bypass its ‘Protected Mode’ sandboxing security in Reader and Acrobat X and XI.
A recently found exploit that bypasses the sandbox anti-exploitation protection in Adobe Reader 10 and 11 is highly sophisticated and is probably part of an important cyberespionage operation, the head of the malware analysis team at antivirus vendor Kaspersky Lab said.
Lucian Constantin | 14 Feb
Researchers from security firm FireEye claim that attackers are actively using a remote code execution exploit that works against the latest versions of Adobe Reader 9, 10 and 11.
Lucian Constantin | 13 Feb
Scheduled update fixes 17 critical flaws in Flash, two in Shockwave and adds ‘Click to Play’ auto-launch check for embedded Flash in Office documents.
Attackers using the zero-day Adobe Flash flaws patched last week delivered the exploits with a spearphishing email aimed at the aerospace sector, according to security researchers.
Adobe recently released an emergency update for Flash Player on all platforms after two zero-day bugs were discovered in the wild targeting Windows and Mac OS X computers. The vulnerabilities allowed hackers to hijack both Windows PCs and Macs. Adobe recommends that all users update their systems as soon as possible.
Adobe and Apple were behind the most software flaws in 2012, but Oracle’s Java was the most exploited and dangerous software for the year, according to research by Kaspersky Lab.
Foxit released version 5.4.5 of its Foxit Reader PDF viewer plug-in on Thursday in order to address a critical remote code execution vulnerability that could have allowed attackers to compromise computers running previous versions of the software.
Lucian Constantin | 17 Jan
Adobe released security patches for its ColdFusion application server on Tuesday, addressing four critical vulnerabilities that have been actively exploited by attackers since the beginning of January.
Lucian Constantin | 16 Jan
Foxit Reader, a PDF viewer application often used as an alternative to the more popular Adobe Reader, contains a critical vulnerability in its browser plug-in component that can be exploited by attackers to execute arbitrary code on computers.
Lucian Constantin | 10 Jan
Adobe released security updates for its Flash Player and ColdFusion products on Tuesday in order to address critical vulnerabilities that could give attackers control over the affected computers.
Lucian Constantin | 12 Dec
Adobe has shut down Connectusers.com, a community forum site for users of its Adobe Connect Web conferencing platform, because the site's user database was compromised.
Lucian Constantin | 14 Nov
Adobe has fixed six critical vulnerabilities in Shockwave Player that could potentially be exploited by attackers to execute malicious code, via the release of version 11.6.8.638 of the software.
Lucian Constantin | 24 Oct