APSB26-30 : Security update available for Adobe DNG SDK

Adobe has released an update for the Adobe DNG Software Development Kit SDK for Windows and macOS. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution and application denial-of-service...

APSB25-55 : Security update available for Adobe Substance 3D Sampler

Adobe has released an update for Adobe Substance 3D Sampler. This update addresses critical vulnerabilities in Adobe Substance 3D Sampler. Successful exploitation could lead to arbitrary code execution...

Adobe Releases Security Updates for ColdFusion

Adobe has released security updates to address a critical vulnerability CVE-2023-38203 affecting ColdFusionlink is external. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Adobe security release...

SRC-2022-0003 : Adobe Acrobat Reader DC abs Type 2 Font Parsing Charstring Out-of-Bounds Read Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

Threat Round-up for July 28 - August 4

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 28 and August 04. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior characteristic...

Threat Actors Target Chinese Language News Sites

A California-based news website covering China, called China Digital Times, was targeted in a spying campaign that involved phishing lures and the use of the NetWire remote access Trojan. The attacks began in February 2017 and were part of a wider campaign of phishing, reconnaissance and malware...

The latest Flash vulnerability has now been added to the Nuclear exploit kit-exploit-warning-the black bar safety net

! Trend Micro latest study found that the Nuclear exploit（Exp）Toolkit latest version has been added to the March just to fix a Flash Player Vulnerability CVE-2 0 1 5-0 3 3 6。 This Flash serious vulnerability is only as Adobe March, a routine update is fixes, Adobe will its the software version...

Vulnerability tracking: Flash critical Vulnerability（CVE-2 0 1 5-0 3 1 1 detailed technical analysis-vulnerability warning-the black bar safety net

Last week's Flash 0day vulnerability you play cool. Known for their natural also want to know its so natural, playing tired, sit down and take a look at this vulnerability causes. Trend Micro recently to the vulnerability detailed analysis, the author translated, the readers. Vulnerability contex...

Users Report Malicious Ads in Skype

Some Skype users have reported seeing malicious ads inside their Skype clients in recent days that lead to a site that tries to download a fake Adobe or Java update. Users in the Skype community forum on Monday said that they have been seeing a banner ad that, if clicked on, will lead to a dodgy...

ZDI-11-299 : Adobe Reader PICT Parsing Remote Code Execution Vulnerability

ZDI-11-299 : Adobe Reader PICT Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-299 October 26, 2011 -- CVE ID: CVE-2011-2435 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader -- Vulnerability...

ZDI-11-200: Adobe Shockwave AudioMixer Structure Parsing Remote Code Execution Vulnerability

ZDI-11-200: Adobe Shockwave AudioMixer Structure Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-200 June 14, 2011 -- CVE ID: CVE-2011-2121 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Play...

ZDI-11-214: Adobe Shockwave CASt Chunk Parsing Remote Code Execution Vulnerability

ZDI-11-214: Adobe Shockwave CASt Chunk Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-214 June 14, 2011 -- CVE ID: CVE-2011-2112 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player --...

Adobe Photoshop CS5 < 12.0.2 (APSB10-30)

The installed version of Adobe Photoshop is older than 12.0.2, and hence affected by the following issues : - Insecure library loading, which could result in arbitrary code execution. CVE-2010-3127 - Multiple unspecified vulnerabilities. C Tenable Network Security, Inc. include"compat.inc"; if...

Email Malware Trojan Poses As Adobe Update

Miscreants have begun creating malware that overwrites software update applications from Adobe and others. Email malware that poses as security updates from trusted companies is a frequently used hacker ruse. Malware posing as update utilities, rather than individual updates, represents a new tak...