posted by Fnord666 on Wednesday March 10 2021, @10:05PM

Adobe Critical Code-Execution Flaws Plague Windows Users:

Adobe has issued patches for a slew of critical security vulnerabilities, which, if exploited, could allow for arbitrary code execution on vulnerable Windows systems.

Affected products include Adobe's Framemaker document processor, designed for writing and editing large or complex documents; Adobe's Connect software used for remote web conferencing; and the Adobe Creative Cloud software suite for video editing.

"Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates," according to an Adobe spokesperson.

Adobe fixed a critical flaw (CVE-2021-21056) in Framemaker, which could allow for arbitrary code execution if exploited. The vulnerability is an out-of-bounds read error, which is a type of buffer-overflow flaw where the software reads data past the end of the intended buffer. An attacker who can read out-of-bounds memory might be able to get "secret values" (like memory addresses) that could ultimately allow him to achieve code execution or denial of service.

[...] Adobe also fixed three critical vulnerabilities in the desktop application version of Adobe Creative Cloud for Windows users.

Two of the three critical flaws could enable arbitrary code execution: One of these (CVE-2021-21068) stems from an arbitrary file-overwrite hole, while the other (CVE-2021-21078) exists due to an OS command-injection error. The third critical flaw (CVE-2021-21069) stems from improper input validation and could allow an attacker to gain escalated privileges.

[...] Several critical- and important-severity bugs were patched in Adobe Connect.

One critical bug (CVE-2021-21078) stemmed from improper input validation; this could allow for arbitrary code execution.

And, three important cross-site scripting (XSS) flaws (CVE-2021-21079, CVE-2021-21080, CVE-2021-21081) were patched. These could allow for arbitrary JavaScript execution in the victim's browser, if exploited.


  • (Score: 3, Informative) by stretch611 on Wednesday March 10 2021, @10:37PM

    by stretch611 (6199) on Wednesday March 10 2021, @10:37PM (#1122472)

    Adobe needs something in the tech news in order to stay relevant.

    It just decided that buggy software is what it is known for.

    Honestly, I am only surprised by the fact that Adobe Reader (pdf) is not one of the programs with the critical flaws. (Though I am sure it will be listed the next time.)

    --
    Now with 5 covid vaccine shots/boosters altering my DNA :P
  • (Score: 4, Insightful) by looorg on Wednesday March 10 2021, @10:41PM

    by looorg (578) on Wednesday March 10 2021, @10:41PM (#1122478)

    How many horrible crippling flaws can one company be responsible for before one starts to wonder what is really wrong at the company? It just seems like Adobe is punching well above their reach.

  • (Score: 2, Insightful) by aristarchus on Wednesday March 10 2021, @10:48PM (8 children)

    by aristarchus (2645) on Wednesday March 10 2021, @10:48PM (#1122480) Journal

    Is it really the fault of an incompetent software company, and arrestors of conference participants [cnet.com], that their product opens vulnerabilities in an insecure operating system? Is it right to blame the proximate cause, or the underlying common defect? Windows. The problem is Microsoft. Adobe is a symptom.

    • (Score: 2, Touché) by fustakrakich on Wednesday March 10 2021, @11:07PM

      by fustakrakich (6150) on Wednesday March 10 2021, @11:07PM (#1122490) Journal

      Not really a symptom, they just prefer that you use a Mac

      --
      La politica e i criminali sono la stessa cosa..
    • (Score: 2) by Runaway1956 on Wednesday March 10 2021, @11:27PM (6 children)

      by Runaway1956 (2926) Subscriber Badge on Wednesday March 10 2021, @11:27PM (#1122500) Journal

      I don't think I actually agree with you, but your thinking (on this subject) is good. While you can't go wrong by pointing fingers at Microsoft, I think Adobe shares a lot of the blame.

      --
      “I have become friends with many school shooters” - Tampon Tim Walz
      • (Score: 2) by aristarchus on Thursday March 11 2021, @01:04AM (5 children)

        by aristarchus (2645) on Thursday March 11 2021, @01:04AM (#1122528) Journal

        I don't think

        I know, Runaway, I know.

        • (Score: 2) by Runaway1956 on Thursday March 11 2021, @01:09AM (4 children)

          by Runaway1956 (2926) Subscriber Badge on Thursday March 11 2021, @01:09AM (#1122532) Journal

          LOL, you get away with pretending to think, all the while spouting your partisan nonsense.

          --
          “I have become friends with many school shooters” - Tampon Tim Walz
          • (Score: 2) by aristarchus on Thursday March 11 2021, @01:16AM (3 children)

            by aristarchus (2645) on Thursday March 11 2021, @01:16AM (#1122535) Journal

            And here I thought that you thought that you thought that you agreed with me! Who is the partizan now, mon frere?

            • (Score: 2) by Runaway1956 on Thursday March 11 2021, @02:24AM (2 children)

              by Runaway1956 (2926) Subscriber Badge on Thursday March 11 2021, @02:24AM (#1122561) Journal

              Don't you "Mon Furrie" ME, you pervert!

              --
              “I have become friends with many school shooters” - Tampon Tim Walz
              • (Score: 0) by Anonymous Coward on Thursday March 11 2021, @09:14PM

                by Anonymous Coward on Thursday March 11 2021, @09:14PM (#1122931)

                now this is what I come here for! you two or two like you exchanging such mental barbs.

                Maybe you guys sit in my seat up in the theatre 2nd level and we can call you Statler and Waldorf.

              • (Score: 0) by Anonymous Coward on Friday March 12 2021, @02:19AM

                by Anonymous Coward on Friday March 12 2021, @02:19AM (#1123053)

                No pictures though!

  • (Score: 2, Funny) by Anonymous Coward on Wednesday March 10 2021, @10:55PM

    by Anonymous Coward on Wednesday March 10 2021, @10:55PM (#1122486)

    It's for the good of mankind.

  • (Score: 4, Funny) by Frosty Piss on Wednesday March 10 2021, @11:02PM (8 children)

    by Frosty Piss (4971) on Wednesday March 10 2021, @11:02PM (#1122488)

    The only Adobe product I still use is Photoshop, because Gimp isn’t yet quite up to doing complex print related things. Hopefully Gimp will get there. Also, I despise SAS...

    • (Score: 1, Interesting) by Anonymous Coward on Thursday March 11 2021, @02:07AM (7 children)

      by Anonymous Coward on Thursday March 11 2021, @02:07AM (#1122550)

      Gimp and Photoshop do different things. The closest FOSS to Photoshop currently is Krita. https://krita.org/en/ [krita.org]

      • (Score: 1, Insightful) by Anonymous Coward on Thursday March 11 2021, @03:50AM (2 children)

        by Anonymous Coward on Thursday March 11 2021, @03:50AM (#1122591)

        Isn't Krita more of a competition to Illustrator?

        • (Score: 2) by Frosty Piss on Thursday March 11 2021, @04:08AM (1 child)

          by Frosty Piss (4971) on Thursday March 11 2021, @04:08AM (#1122600)

          I think so.

          • (Score: 2) by DannyB on Thursday March 11 2021, @05:37PM

            by DannyB (5839) Subscriber Badge on Thursday March 11 2021, @05:37PM (#1122833) Journal

            At times I wonder if people even understand the difference between photoshop and illustrator. Or raster and vector graphics.

            --
            The thing to remember about the saying "you are what you are" is, that saying: is what it is.
      • (Score: 2) by Freeman on Thursday March 11 2021, @05:49PM (2 children)

        by Freeman (732) on Thursday March 11 2021, @05:49PM (#1122839) Journal

        Gimp "is a free and open-source raster graphics editor" and was initially released in 1996. https://en.wikipedia.org/wiki/GIMP [wikipedia.org] Photoshop "is a raster graphics editor developed and published by Adobe Inc." and was initially released in 1990. https://en.wikipedia.org/wiki/Adobe_Photoshop [wikipedia.org]

        The biggest difference is that one is free and open-source, while the other is proprietary. Also, professionals tend to use Photoshop. Certainly due to a large number of factors, but I imagine a lot of it is due to the fact that open-source was this geeky thing in the past. Also, Adobe has thrown boat loads more money at the problems / solutions for their user base than Gimp could ever dream.

        --
        Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
        • (Score: 2) by Freeman on Thursday March 11 2021, @05:58PM

          by Freeman (732) on Thursday March 11 2021, @05:58PM (#1122844) Journal

          Looking at Krita, it's also a raster graphics editor. It does seem to be a bit more user-friendly compared to Gimp, especially with regards to use of a Wacom or other digital art tablet/device. https://en.wikipedia.org/wiki/Krita [wikipedia.org]

          --
          Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
        • (Score: 0) by Anonymous Coward on Thursday March 11 2021, @08:10PM

          by Anonymous Coward on Thursday March 11 2021, @08:10PM (#1122898)

          Gimp is shit that's just slapped together. I've resorted to using Paint.NET and it's much easier to use.
      • (Score: 2) by Freeman on Thursday March 11 2021, @06:06PM

        by Freeman (732) on Thursday March 11 2021, @06:06PM (#1122850) Journal

        The most interesting thing I found is that Krita just released a beta version for Android. That could be very interesting on the likes of a Samsung Tablet with an S-Pen. Certainly massively cheaper than an iPad with an Apple Pencil or a Wacom Cintiq. I tried getting my wife into digital drawing, but she never came around to the idea. Not that she's done much in that area recently, anyway.

        --
        Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
  • (Score: 3, Informative) by meustrus on Thursday March 11 2021, @04:47AM

    by meustrus (4961) on Thursday March 11 2021, @04:47AM (#1122606)

    Look, anybody that cares about security vulnerabilities knows what arbitrary code execution means. The ways a particular flaw enables that can be interesting at times.

    But when I see a story like this, I have one question: what is the attack vector? Seriously. Is this a flaw in some networking aspect of the program? Or do I need to open a specially crafted file?

    It's impossible to know what your exposure is when these blurbs don't say whether I need to be careful about email attachments (like I'm not already), or uninstall the program.

    (for this story, it doesn't particularly matter to me because I don't even use these Adobe products. However, this has been a trend in security reporting on this site in general)

    --
    If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
  • (Score: 3, Insightful) by Dr Spin on Thursday March 11 2021, @08:13AM (1 child)

    by Dr Spin (5239) on Thursday March 11 2021, @08:13AM (#1122638)

    Surely Windows systems are vulnerable by definition?

    --
    Warning: Opening your mouth may invalidate your brain!
    • (Score: 0) by Anonymous Coward on Thursday March 11 2021, @09:50AM

      by Anonymous Coward on Thursday March 11 2021, @09:50AM (#1122662)

      Wouldn't it be more concise to state: Adobe plagues Windows users?

  • (Score: 0) by Anonymous Coward on Thursday March 11 2021, @01:09PM

    by Anonymous Coward on Thursday March 11 2021, @01:09PM (#1122693)

    "plague" - a word used in a headline to gain clicks only to connect to a story that says the issue they are mitigating has been no big deal in the wild
