Tech

Adobe patches Creative Cloud desktop in new security update

Adobe Creative Cloud Desktop application and RoboHelp Server 9 are the focus of the firm's latest round of security patches.

Written by Charlie Osborne, Contributing Writer April 13, 2016 at 1:06 a.m. PT

Adobe has released a set of new patches for the Creative Cloud Desktop application and RoboHelp Server 9 following last week's critical update of Adobe Flash Player.

The latest security advisory includes the resolution of a vulnerability in the JavaScript API for Adobe Creative Cloud Libraries. The flaw, assigned CVE-2016-1034, allows attackers to remotely read and write files on a client's file system through sync features, potentially leading to malware downloads and hijacking.

The bug impacts Windows and Mac operating systems.

The security issue was disclosed by Roger Chen from the University of California, Berkeley, and Jung "Lokihardt" Hoon Lee working with Trend Micro's Zero Day Initiative.

In addition to the Adobe Creative Cloud update, the software maker also issued a security advisory and update for RoboHelp Server 9, an online help and assistance solution.

Security

The security hotfix patches CVE-2016-1035, a critical vulnerability which could lead to information disclosure, according to Adobe. The security flaw lies within the handling of SQL queries.

Naturally, Adobe recommends that users patch their software as soon as possible. Users of Adobe Creative Cloud should update to version 3.6.0.244.

This month, Adobe also issued an emergency patch for a zero-day vulnerability in Adobe Flash. The bug, CVE-2016-1019, impacts Windows, Mac, Linux and Chrome operating systems, and is able to either crash PCs or grant attackers the chance to hijack sessions.

However, security researchers say Adobe Flash users which have not patched their systems against this threat do have some breathing space -- as cyberattackers leveraging the flaw in the Magnitude exploit kit messed up the integration of the vulnerability.