Items tagged with Adobe

At its annual WWDC conference being held this week in San Francisco, Apple announced that it would be transitioning its long-running Mac OS X to "macOS". Based on the initial screenshots we've been given, there's not going to be a large departure from what we're used to from OS X, but the move is still notable considering OS X has been the chosen name for 15 years. There's a lot of history there. Well, there's also going to be history made with macOS Sierra, as Safari 10 is going to be shipping with common 'legacy' plugins disabled by default. That of course includes Adobe's much-loathed Flash plugin, one of the largest gaping holes of computer security in recent (and even not-so-recent) years.... Read more...
Adobe recently published a security advisory APSA16-03, which details a vulnerability in Adobe Flash Player version 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. This comes after a patch for a zero day exploit was released in early April. Adobe believes the attackers are a group called “ScarCruft”. ScarCruft is a relatively recently APT group that has launched attacks in countries such as Russia, Nepal, South Korea, China, India, Kuwait, and Romania. The group recently has taken advantage of two Adobe Flash and one Microsoft Internet Explorer exploits. ScarCruft currently has two operations called Operation Daybreak and Operation Erebus. Operation Daybreak... Read more...
It seems as though most (if not all) Internet users are awaiting the day when Adobe Flash is finally eradicated from the face of the earth. The Adobe Flash Player plugin has long been a security liability, resource nightmare and battery hog (for mobile users). Although Adobe has announced that it is winding down the use of Flash in favor of HTML5 development, we still have to deal with critical exploits until judgment day arrives. Hence the company has rushed out an emergency patch for Adobe Flash player. According to Adobe, the most serious exploit, CVE-2016-1010, has already been “used in limited, targeted attacks.” In all, the latest security bulletin covers over 20 known security issues in... Read more...
Adobe acknowledged that it muffed an update to its Creative Cloud Desktop application last week, one that caused it to delete files on a "small number" of Mac systems. Once it became aware of the issue, Adobe pulled the plug on the update and has since made another one available for both Mac and Windows systems (there's no indication that the issue affects Windows PCs). "In a small number of cases, the updater may incorrectly remove some files from the system root directory with user writeable permissions. We have removed the update from distribution, and are in the process of deploying a new update which addresses the issue. When prompted for the update, Creative Cloud members should install... Read more...
2015 has proven to be a massive year for Adobe's Flash plugin, but for all the wrong reasons. Flash is already infamous for being one of the most vulnerable pieces of software on the planet, but in 2015, 316 bugs were found and squashed. That comes out to about 6 bugs per week for a piece of software that's used by the vast majority of notebook and desktop users. What's most impressive about the sheer number of bugs Flash has is the fact that ultimately, we're dealing with a mere plugin here, not a massive software package. While Flash was once considered "cool", a de facto choice for Web animation, the past decade hasn't been too kind to it. The negative reputation was earned thanks mostly to... Read more...
As if Adobe's Flash Player needed another nail in its coffin, it nevertheless received yet another one this weekend from Facebook. The world's largest social playground announced that it recently flipped the switch over to HTML5 to be the default video player for videos on its website, and that includes the ones that appear in its News Feed. "From development velocity to accessibility features, HTML5 offers a lot of benefits. Moving to HTML5 best enables us to continue to innovate quickly and at scale, given Facebook’s large size and complex needs," Facebook stated in a blog post. You could see this coming from a country mile, though it didn't happen overnight. Facebook had to address several... Read more...
We’ve been saying it for years: Adobe needs to go ahead and kill Flash. Late Apple CEO Steve Jobs called for Flash’s demise five years ago and at the time, it seemed like an impossibility. But after a half decade of increasing security exploits and performance degradation in even the most powerful PCs, the Internet has quite effectively turned its back on Flash. Companies like Amazon, Google and Firefox have all given Flash the cold shoulder in recent months and the lapses in security show no signs of slowing down. Adobe has finally gotten the hint and is retiring the Flash brand. “Flash has played a leading role in bringing new capabilities to the web,” said Adobe in a corporate blog posting.... Read more...
At this point, we are no longer surprised that Adobe Flash is being used as an easy vector to exploit computers and entire network. Back in the day, late Apple CEO Steve Jobs trashed Adobe Flash, calling it buggy, full of security holes and detrimental to the battery life of mobile devices. Five years later, Flash is still with us and it is still wreaking havoc on all three of those fronts.  The latest Flash vulnerability was revealed this week, and it affects ALL version of the software — yes, even version 19.0.0.207, which was released on Tuesday. The exploit, which is labeled CVE-2015-7645, was masterminded by a group known as Pawn Storm. For now, the exploit hasn’t been directed at the... Read more...
The security gurus at Trend Micro believe that the cyber attackers behind Pawn Storm are performing their dirty deeds by way of a new zero-day vulnerability in none other than Adobe's Flash platform. Shocking that Flash is at the root of it all, isn't it? This is where we all feign surprise, sarcastically of course.In case you're not familiar, Pawn Storm is the name of a cyber espionage campaign that's had high profile targets in its sights. Trend Micro also says that Pawn Storm represents the first use of a Java zero-day that it's seen in the last couple of years, with the affected vulnerability assigned the CVE number CVE-2015-7645.It's essentially another phishing campaign. Emails containing... Read more...
Amazon is the latest major tech company to kick Adobe's Flash platform to the curb. Effective September 1, 2015, the world's most popular online retailer will no longer accept Flash-based advertisements on its main site or through it's third-party Amazon Advertising Platform (AAP), the company announced this week. Interestingly, it's not Flash's history of security woes that prompted Amazon's decision. "This is driven by recent browser setting updates from Google Chrome, and existing browser settings from Mozilla Firefox and Apple Safari, that limits Flash content displayed on web pages," Amazon explained. "This change ensures customers continue to have a positive, consistent experience across... Read more...
Adobe's Flash platform is running out of friends. You may recall that a few weeks ago Mozilla disabled Flash by default in its Firefox browser due to the discovery of multiple critical vulnerabilities, and around the same time, Facebook's chief security officer urged Adobe to set a kill date for its buggy API. Expect more of those sentiments following a recent week long attack on Yahoo's ad network. Security outfit Malwarebytes discovered the "malvertising" campaign, which kicked off on July 28. It involved hackers purchasing ads across Yahoo's various sites and then injecting them with malicious code. The malware would then seek out vulnerable versions of Flash to deliver payloads and ultimately... Read more...
Adobe Flash is going down! Flash has been a boil on the butt of the Internet for years, but we’ve just put up with it despite the often horrid performance and numerous security lapses. However, some recent high-priority hacks using Flash as a conduit have only increased the number of people calling for the demise of the most hated piece of software on the Internet. Twitch, the online game streaming giant, is the latest to announce that it will move away from using Flash (Google’s competing YouTube Gaming service debuted with HTML5 support). Twitch’s efforts to distance itself were aired earlier this month via reddit. “The underlying HTML5 video playback works great and we've been testing it internally... Read more...
Has the time come to put Adobe's Flash Player plugin out of our misery? Facebook CSO Alex Stamos thinks so. In a series of Twitter posts, Stamos makes a plea for Adobe to set a date to euthanize Flash, allowing the web and Internet users at large to move on to better (and more secure) technologies. The question is, will Adobe do it?Probably not at the sole behest of Stamos, though he isn't the only one calling for an end to Flash. An anonymous group calling it Occupy Flash has been pushing for the same thing for the past few years. The Occupy Flash website has been tweeted out thousands of times, has over 5,100 recommendations from Google+ users, and over 20,000 'Likes' on Facebook.For Adobe... Read more...
In the wake of recent security threats that have come to light, Mozilla has made the decision to block Adobe Flash content by default on all versions of its Firefox browser. Mark Schmidt, head of Firefox support at Mozilla and CEO of SupportHacker, announced the change via Twitter on Monday, adding that this is a temporary thing. "BIG NEWS!! All versions of Flash are blocked by default in Firefox as of now. To be clear, Flash is only blocked until Adobe releases a version which isn't being actively exploited by publicly known vulnerabilities," Schmidt said. This has been a bad month for Adobe and its Flash software. A well known Italian hacking group called Hacking Team that sells software exploits... Read more...
We reported last week on a new zero-day vulnerability in Adobe Flash that was revealed following the leak of data from the Italian hacking group "Hacking Team". It's hardly a surprise when such a vulnerability is found in either Flash or Java, and as sad as it is, it's not even surprising to learn that two more have been found. Oy! The latest vulnerabilities, named CVE-2015-5122 and CVE-2015-5123, are considered critical, and affect the Flash player on Windows, OS X, and Linux. A verbatim threat to last week's vulnerability, "successful exploitation could cause a crash and potentially allow an attacker to take control of the affected... Read more...
This week, something nearly as common as breathing happened: a severe Adobe Flash vulnerability was revealed. How this one came to be, however, is far more interesting than most. Earlier this week, a well-known Italian hacking group called 'Hacking Team' was itself hacked. On Monday, the group's Twitter account was hijacked to post a link to a torrent file that includes about 400GB worth of its data. We're now finding out that this data could have huge repercussions for software vendors and regular consumers alike. Because Hacking Team's efforts largely revolve around exploiting bugs in popular software, it's almost of no surprise to see Adobe Flash listed among those affected. It's also of little... Read more...
Adobe's Flash Player has more holes than Swiss cheese, only Swiss cheese doesn't leave you vulnerable to hacker attacks. Flash Player often does, and yet again, there's a zero-day exploit that could allow an attacker to take control of an affected system. The discovered vulnerability and its severity has led to Adobe releasing an out-of-band security patch. This latest zero-day annoyance affects Flash Player 18.0.0.161 and earlier versions for Windows and Macintosh, Flash Player Extended Support Release version 13.0.0.292 and earlier 13.x versions for Windows and Macs, and Flash Player 11.2.202.466 and earlier 11.x versions for Linux. "Adobe is aware of reports that CVE-2015-3113 is being actively... Read more...
There are myriad of ways to improve the battery-life of a laptop, but one of the best is to disable CPU-intensive (or perhaps even GPU-intensive) browser plugins. Adobe's Flash is a perfect example of this. While Flash animations can be detrimental with regards to battery-life, it's made worse when an element in the background is running a video. It's just bad news, and Google realizes it all-too-well. That being the case, the company will soon be introducing a new feature to its Chrome Web browser that lets users disable all Flash content by default, or let Chrome decide which content should be displayed. In the latter case, if some Flash is deemed to be unimportant to the website experience... Read more...
Anyone who picked up the $9.99-per-month offer Adobe has been running for a subscription to its Photoshop and Lightroom software is about to enjoy one of its biggest benefits. Adobe just released Lightroom CC 2015 and mobile apps. Subscribers will be able to upgrade from Lightroom 5.7 to the new 2015 version by simply downloading the update. Say what you will about the software subscription model – having the latest software ready for you the minute it releases is pretty slick.As you’d expect from a new version, Lightroom Creative Cloud (CC) 2015 has some new capabilities. One of them is facial recognition, which has been around for a long time in apps like Google Picasa. Facial recognition goes... Read more...
According to US-based security research firm FireEye, a Russian group it dubs APT28 is responsible for attacking a number of different government agency computers through exploitation of previously unknown vulnerabilities in Adobe Flash and Microsoft Windows. To exploit a vulnerable system, attackers took advantage of a buffer overflow issue in Flash through the use of malformed FLV files and gain remote code execution. On the Windows side, the core issue is a local escalation of privilege flaw which isn't critical by itself, but is made so when paired with the Flash vulnerability. As of the time of writing, Microsoft still hasn't patched its OS issue (but a fix is in the works), but the Flash... Read more...
Whenever a software flaw is discovered and is then patched, it's not often that we'll ever hear about it again (the exceptions are those that do big damage). It's even more rare when we end up hearing about a "medium" bug again four years later. Such is the case of a vulnerability affecting Adobe Flash (don't act surprised!) To be more specific, CVE-2011-2461 is tied to Adobe's Flex SDK, which developers can use to compile their Flash project for exporting to an .SWF file. In older versions of Flex (3.x and 4.x), compiled SWF files allow the injection of a script or HTML, which it can pull off through the module loading mechanism. If someone visits a website with an affected SWF file, requests... Read more...
Adobe is setting its sights on paper documents with its new Document Cloud. The service is meant to be an online hub for storing and sharing forms and other documents that are ordinarily filled out and signed by hand in many workplaces. Not surprisingly, the core of Document Cloud’s capabilities comes from Acrobat, known in this version as Acrobat DC. “People and businesses are stuck in document-based processes that are slow, wasteful, and fragmented,” said Bryan Lamkin, senior vice president of Technology and Corporate Development at Adobe in a statement. “While most forms of content have successfully made the move to digital (books, movies, music), documents and the process of working with... Read more...
Prev 1 2 3 4 5 Next ... Last