CNET: Adobe Shockwave gets the ax on April 9. “Adobe is retiring Shockwave. On April 9, the browser-based multimedia platform will be discontinued and the Shockwave player for Windows won’t be available for download.” ooooh, I am feeling ooooold.
ZDNet: Adobe sends out second fix for critical Reader data leak vulnerability. “Adobe has released a second patch to resolve a critical zero-day vulnerability in Adobe Reader after its original fix failed. The vulnerability, CVE-2019-7089, was patched in Adobe’s February 12 patch release. Buried among 42 other critical bugs, the security flaw was described as a sensitive data leak problem which can lead to information disclosure when exploited.”
CBR: Seven Out of Every Ten Open Vulnerabilities Belong to Just Three Vendors. “Seven out of every ten open vulnerabilities observed by customers belongs to just three vendors, Oracle, Microsoft and Adobe. These are the findings of cyber security enterprise Kenna Security in their new report Prioritization to Prediction, which explores how enterprises are dealing with open vulnerabilities.”
Lifehacker: 27 Free Alternatives to Adobe’s Expensive App Subscriptions. “As you can imagine, Adobe’s price increase has set off a flurry of activity on the internet, with many annoyed users jumping onto Twitter threads and blog posts to suggest alternatives to Adobe’s ever-more-expensive subscription apps.”
The Register: Hope you’re over that New Year’s hangover – there’s an Adobe PDF app patch to install . “Adobe has issued its first patch of the year, emitting fixes for a pair of high-risk vulnerabilities in Acrobat and Reader. The APSB-02 security bundle is being recommended as a high-priority fix, so install it as soon as you can.”
The Register: Adobe Flash zero-day exploit… leveraging ActiveX… embedded in Office Doc… BINGO! . “Stop us if you’ve heard this one before: An Adobe Flash zero-day vulnerability is being actively targeted in the wild to hijack victims’ Windows PCs. Researchers with Gigamon Applied Threat Research (ATR) and Qihoo 360 uncovered a phishing campaign that exploits CVE-2018-15982, prompting Adobe to today release an out-of-band emergency update to patch up the flaw.”
The Register: Did you hear? There’s a critical security hole that lets web pages hijack computers. Of course it’s Adobe Flash’s fault. Deep sigh. “Adobe has emitted software updates to address a critical vulnerability in Flash Player for Windows, Mac, and Linux. PC owners and admins will want to upgrade their copies of Flash to version 18.104.22.168 or later in order to get the patch – or just dump the damn thing all together.”