Adobe launched its first vulnerability disclosure program this week. It will use the HackerOne platform and will not pay out bounties, instead researchers can bulk up their HackerOne reputation scores. Only vulnerabilities in Adobe web applications or web-based services are in scope.
Tag Archives: adobe
Adobe crowdsources its bug-hunting, but no rewards offered
Adobe, the company behind Flash, Photoshop and Adobe Reader, has launched a program encouraging security researchers to find and report possible vulnerabilities to the firm.
The post Adobe crowdsources its bug-hunting, but no rewards offered appeared first on We Live Security.
Threatpost News Wrap, February 6, 2015
Dennis Fisher and Mike Mimoso discuss the Anthem data breach, the continuing Flash 0-day happy fun times, the expansion of exploit kits and the crowd funding support for GnuPG.
Flash Zero Days Dominate Exploit Landscape
The recent Flash zero-day vulnerabilities and exploits have uncovered the relatively quiet Hanjuan exploit kit, and further exposed the dangers of malvertising.
Adobe Begins Patching Third Flash Player Zero Day
Adobe has begun distributing an emergency update for Flash Player that patched the third of three zero-day vulnerabilities under attack.
Latest Flash 0Day Under Attack; Possible Ties to Group Behind Angler EK
The third Adobe Flash Player zero day in two weeks is also currently under attack. Researchers at Trustwave found an exploit for it in the HanJuan exploit kit, which could be tied to the group behind the Angler kit.
1,800 Domains Overtaken by Flash Zero Day
Researchers at Cisco say that a Flash zero day exploit has compromised 1,800 domains, the majority of those during a 48-hour period last week.
Another Flash Zero Day Emerges
For the third time in the last couple of weeks, Adobe is dealing with a zero day vulnerability in Flash. The company is working on a patch for another Flash bug that is being exploited in drive-by download attacks. Adobe officials released an advisory Monday warning users that attackers are exploiting a new vulnerability in […]
Analysis of Flash Zero Day Shows Layers of Obfuscation
The Flash zero day that made its way into the Angler exploit kit was wrapped in multiple layers of obfuscation and has the ability to inject its malicious payload straight into users’ browsers. In the last week, since the news broke of the Adobe Flash zero-day flaw appearing in the Angler kit, security researchers have […]
Adobe Begins Auto-Update Patching of Second Flash Player Zero Day
Adobe on Saturday began patching a zero-day vulnerability in Flash Player for auto-update users, exploits for which have been included in the notorious Angler Exploit Kit.