Adobe Reader, Photoshop & Co .: An overview of the Adobe updates

0


Adobe programs are one of the most important software because they are widespread – and are therefore particularly often the target of hackers and malware. Despite Windows security functions such as DEP (D.ata E.xecution P.revention) and ASLR (A.ddress S.pace L.ayout R.andomisation) attackers succeed again and again in exploiting security gaps in Adobe products and in this way smuggling malicious programs onto users’ PCs. The manufacturer regularly distributes updates against newly discovered vulnerabilities in its software – on the second Tuesday of each month, which is also Microsoft’s patch day. The editors present the new versions here. The updates primarily close security gaps; sometimes they also improve stability or add (more hidden) new functions.

Updated several Adobe applications

With Updates 41, Adobe closes gaps in five programs: Acrobat and Reader, Illustrator, Adobe Bridge, InCopy and InDesign.

the Adobe Reader houses 26 bugs threatening PCs. Adobe rates 16 of them as critical, three as important and seven as moderate. The critical security leaks allow attackers to execute code and elevate rights. One of the moderate gaps also allows privilege escalation. Code execution occurs when a victim of an attack receives a specially manipulated PDF file and opens it. The provider indicates the update priority for Adobe Reader as 2.

Four security holes lie dormant Incopy, a writing program for authors and editors. Three of the gaps are critical and one is classified as important. The update priority is 3.

From those in the layout program for desktop publishing “Adobe InDesign” The gaping three vulnerabilities, two are critical, one is moderate. Adobe names update priority 3.

The media file management program “Adobe Bridge” contains mostly moderate gaps (four), plus one gaps classified as important and one critical gap. The manufacturer notes a 3 as the update priority.

The vector-based graphics / drawing program “Adobe Illustrator” (Ai for short) is plagued by one moderate and one major security vulnerability. The update priority is 3, the lowest that is possible.

Adobe Acrobat Reader 2021.011.20039: Download the latest version

Probably the most frequently used program for PDF display is Adobe Reader, also Acrobat Reader DC (D.ocument C.loud) called. In contrast to the discontinued Flash Player, which is being displaced more and more by open web standards, the PDF is still relevant for most users, as it is the standard exchange format for digital file documents. Adobe’s PDF software is expensive and has limited functionality in the free version. Some users still want to use the original: Acrobat Reader DC displays PDF files as the inventor of this format wanted.

Download Adobe Acrobat Reader DC

Download Adobe Acrobat Reader DC (Mac)

Adobe Flash Player: Final Update

A recently widely used program is Adobe Flash Player. It shows videos, games and advertisements in the browser – but it is not a good star, because the program is hardly necessary any more. Vulnerabilities make it increasingly insecure. For this reason, Adobe announced a long time ago that it would end support at the end of 2020.

In December 2020 the Flash Player got its last update – to Version 32.0.0.465. It probably did not fix any security holes, because Adobe announced “Assorted functional fixes” (various functional corrections) in the changelog.

Uninstall Adobe Flash Player

The Flash Player has come under fire because it regularly dominates negative headlines, eats up resources and does not always run stably. Due to the resource requirements, it reduces the battery life of mobile devices. The days of the web player are numbered: Adobe will no longer develop it in 2021 – and thus hear the loud request of some forum users to bury the piece of software. If it was unthinkable a few years ago to do without it, it is not dramatic today: Modern browsers display videos and multimedia elements on websites natively, i.e. without plug-ins – this is made possible by HTML5 or WebGL. The best thing to do is to uninstall the Flash Player if you have installed it. Instructions can be found in another article. The distance goes quickly with the Adobe Flash Player Uninstaller take place.

Download Adobe Flash Player Uninstaller

Continue to use Flash content

If you want to continue using Flash content, please download it. The required URL for the Flash object of a website can be found in your source code: In Firefox, right-click a website with Flash content to be rescued and select “Show page source text” in the context menu. Now use the browser search function (press Ctrl-F) to search for “.swf”. You copy the SWF object URL into the address bar and press Enter to start a file download. If there is a reference to main.swf in the source code instead of a normal URL, then assemble the download URL according to the domain.de/main.swf scheme. You can play the downloaded file in a portable player, for example Ruffle away. It starts from its EXE file.

Download Ruffle (play Flash content without Flash)

Continue to use Flash: This is how it works without Flash Player – Download Flash content

Adobe’s update CVE / rating system explained

When it comes to patches against security problems, Adobe distinguishes between several levels: Priority 1, 2 and 3 – depending on the risk. There are also the ratings “critical”, “important” and “medium”. Updates with the Priority 1 According to the company, eliminate vulnerabilities that are “attacked by exploits in circulation or that are at increased risk of being attacked”. Exploits are malicious programs that take advantage of loopholes. Priority-2-Updates plug gaps in products with an increased security risk, but no known malicious programs that exploit them are yet in circulation. Priority-3Updates, in turn, deal with leaks that are not known to be targeted. “Critical” Vulnerabilities allow malicious code to run unnoticed. “Important” means that a vulnerability impairs data security and enables attackers to read information or reduce system performance. “Medium” Gaps, on the other hand, have little impact or are difficult to abuse. (See also Severity Ratings.)

Vulnerable programs: You should update them

Adobe DNG Converter & Camera Raw

The DNG Converter converts raw data images (in the so-called RAW format) into Adobe’s own DNG format. In this way, photographers create compatibility with numerous software in order to read in such content – because with RAW every camera manufacturer cooks its own soup, while DNG is an open-source standard. Ideally, the DNG files can still be read in many years.

Download Adobe DNG Converter & Camera Raw

Download Adobe DNG Converter & Camera Raw (Mac)

Adobe Air: Download the latest version

Adobe Air is a runtime environment that executes appropriately programmed software. Few applications use the technology; an example is a particular puzzle. Incidentally, Oracle also has a runtime environment up its sleeve with Java, which is comparable to the Air Runtime. Oracle holds its regular updates less often than Microsoft and Adobe (whose patch day falls on the same day).

Adobe Digital Editions: Download the latest version

Many eBook fans won’t get very far without Adobe Digital Editions (ADE): With the free digital rights management, they can read copy-protected electronic books on their computers that they have downloaded from the Internet.

Download Adobe Digital Editions

Download Adobe Digital Editions (Mac)

Adobe Shockwave Player: Last update

On April 9, 2019 Adobe discontinued the Shockwave Player, the final update raises the version number to 12.3.5.205. Like the popular Flash Player, the software brings web animations to the screen. The provider explains the differences: The Flash Player shows content created via Flash Professional CS5, the Shockwave Player created by Adobe Director 11.5. Flash content is used for web applications, website user interfaces, online interactive advertising and R.I I.internet A.pplications (RIAs); Shockwave enables multi-user games, interactive 3D product simulations, online entertainment, and training applications.

Adobe explains the reason for the Shockwave-Aus in its FAQ (F.requently A.sked Questions, frequently asked questions), here is a translation:

“With the advancement of technology and the use of mobile devices, the interactive content has shifted to platforms like HTML5 Canvas and WebGL, and the use of Shockwave has decreased.”

The Shockwave update 12.3.5.205 closes seven vulnerabilities: All have the security level “critical” and allow code to be executed.



Source link -62