Adobe has released an out-of-band security update for Adobe Commerce and Magento Open Source to address active exploitation of a known vulnerability, and Google has an emergency issue, too. Security Bulletin APSB22-12 fixes CVE-2022-24086, rated 9.8 (critical) out of 10 on the CVSS scale. Adobe has not released details about …

  1. redpawn

    What does code have to do

    to get the full Gold Medal winning 10.0 rather than a measly 9.8?

    1. Anonymous Coward

      Re: What does code have to do


      " ... full Gold Medal winning 10.0 rather than a measly 9.8?"

      A Quadruple Salchow while snorting Granpa's medicine apparently !!!


      [Too soon ???]

    2. IGotOut Silver badge

      Re: What does code have to do

      Have the word Adobe AND Flash together.

  2. adam 40 Silver badge

    Great they keep updating, adding more crap with zero day exploits, rinse and repeat

    Really this is so tedious.

    How about a browser where they just do security updates and don't add more features?

    1. Snake Silver badge

      Re: Great they keep updating, adding more crap with zero day exploits, rinse and repeat

      The fundamentals behind all this is due to the fact that the programmers do not use tools that help mitigate these issues - it is up to the programmer to properly implement tight memory controls in C, for example.

      As I keep voicing aloud, the only way to solve these problems is to bake security in from the start, in the platform, such as Rust.

      1. bombastic bob Silver badge

        Re: Great they keep updating, adding more crap with zero day exploits, rinse and repeat

        "ba-a-a" Rust the ONLY way...

        icon, because, facepalm

        1. Steven Burn

          Re: Great they keep updating, adding more crap with zero day exploits, rinse and repeat

          Just had to upvote Bob for the first time errr - ever. I feel dirty .....

  3. Citizen of Nowhere

    Improper input validation

    Adobe has not released details about the issue beyond noting that it involves improper input validation

    Didn't see that coming.

  4. Binraider Silver badge

    Not that I suggest anyone touch the thing with a barge pole, but did anyone notice that Adobe Reader DC now requires you to get a paid version to rotate pages for viewing.

    You know, a feature that has existed since version 1.0 on Windows 3.1?

    Other readers for the file format are available.

    1. bombastic bob Silver badge

      I've been using open source PDF viewers like Atril and Evince for a VERY long time now. Does not surprise me that Adobe's "free" reader is actually CRIPPLE-ware. "Pay up" to get something that doesn't TEASE you by making you THINK it works...

      Evince has a Windows version.

      1. Kobus Botes

        ...using open source PDF viewers...

        @bombastic bob

        Unfortunately there are times when it does not work. Our Revenue Services insists on using the latest and greatest of Adobe's fine products, and the only reader that can open it has to be the latest and greatest. Until last year they still insisted on using Flash(!) - as you all know, the most bug-ridden and insecure piece of software anywhere in the universe. They were so beholden with Flash that Adobe actually wrote a special version just for them. Luckily they finally relented and migrated to HTML5, but there are still applications (on the commercial side) that require Flash.

        Adobe stopped adding the latest and greatest features to their Linux version a long time ago. If I receive documentation from SARS, I am forced to use SWMBO's Windows machine.

        My go-to PDF reader is Okular, which works well for my limited use of PDFs (in fact, the only PDFs I cannot open come from SARS).

        I gave Evince and Atril a whirl (luckily they were in Mageia's depository; I had never come across them before, so thanks for that). Unfortunately neither of them could open SARS documents either.

        Atril did upset me, though, as it silently, and without even a by your leave, elected itself as the default PDF reader. I hate programs that do that, so Atril had been consigned to the dump.

        Now where is the steam coming out of the ears icon? Aaah, found it!

        1. Binraider Silver badge

          Re: ...using open source PDF viewers...

          I can't speak for "protected" docs using very latest Adobe crud, but for general reading; Firefox does an awful lot better than Adobe DC.

          And, for "thin client" the excellent Sumatra PDF is about as condensed as a modern application can be.

          I do find it awfully strange how people never learn from the proprietary lock-in problem. It's not as though it's a recently discovered threat to your operating costs.

  5. Charlie Clark Silver badge

    Credit where credit's due

    I don't use Google Chrome but nice to see Google eating its own dogfood with the security team finding bugs in Chrome and the Chrome team fixing them quickly.

