ZDNet: Adobe sends out second fix for critical Reader data leak vulnerability

ZDNet: Adobe sends out second fix for critical Reader data leak vulnerability. “Adobe has released a second patch to resolve a critical zero-day vulnerability in Adobe Reader after its original fix failed. The vulnerability, CVE-2019-7089, was patched in Adobe’s February 12 patch release. Buried among 42 other critical bugs, the security flaw was described as a sensitive data leak problem which can lead to information disclosure when exploited.”

CBR: Seven Out of Every Ten Open Vulnerabilities Belong to Just Three Vendors

CBR: Seven Out of Every Ten Open Vulnerabilities Belong to Just Three Vendors. “Seven out of every ten open vulnerabilities observed by customers belongs to just three vendors, Oracle, Microsoft and Adobe. These are the findings of cyber security enterprise Kenna Security in their new report Prioritization to Prediction, which explores how enterprises are dealing with open vulnerabilities.”

The Register: Hope you’re over that New Year’s hangover – there’s an Adobe PDF app patch to install

The Register: Hope you’re over that New Year’s hangover – there’s an Adobe PDF app patch to install . “Adobe has issued its first patch of the year, emitting fixes for a pair of high-risk vulnerabilities in Acrobat and Reader. The APSB-02 security bundle is being recommended as a high-priority fix, so install it as soon as you can.”

The Register: Adobe Flash zero-day exploit… leveraging ActiveX… embedded in Office Doc… BINGO!

The Register: Adobe Flash zero-day exploit… leveraging ActiveX… embedded in Office Doc… BINGO! . “Stop us if you’ve heard this one before: An Adobe Flash zero-day vulnerability is being actively targeted in the wild to hijack victims’ Windows PCs. Researchers with Gigamon Applied Threat Research (ATR) and Qihoo 360 uncovered a phishing campaign that exploits CVE-2018-15982, prompting Adobe to today release an out-of-band emergency update to patch up the flaw.”

The Register: Did you hear? There’s a critical security hole that lets web pages hijack computers. Of course it’s Adobe Flash’s fault

The Register: Did you hear? There’s a critical security hole that lets web pages hijack computers. Of course it’s Adobe Flash’s fault. Deep sigh. “Adobe has emitted software updates to address a critical vulnerability in Flash Player for Windows, Mac, and Linux. PC owners and admins will want to upgrade their copies of Flash to version 31.0.0.153 or later in order to get the patch – or just dump the damn thing all together.”

The Register: Haven’t updated your Adobe PDF software lately? Here’s 85 new reasons to do it now

The Register: Haven’t updated your Adobe PDF software lately? Here’s 85 new reasons to do it now. “Adobe has posted an update to address 85 CVE-listed security vulnerabilities in Acrobat and Reader for both Windows and macOS. The PDF apps have received a major update that includes dozens of fixes for flaws that would allow for remote code execution attacks if exploited. Other possible attacks include elevation of privilege flaws and information disclosure vulnerabilities.”