back to article Adobe Creative Cloud Experience makes it easier to run malware

Adobe Creative Cloud Experience, a service installed via the Creative Cloud installer for Windows, includes a Node.js executable that can be abused to infect and compromise a victim's PC. Michael Taggart, a security researcher, recently demonstrated that the node.exe instance accompanying Adobe's service could be exploited by …

  1. Gene Cash Silver badge

    "The advice given is to simply ignore the warnings"

    Probably the same thing Adobe "developers" do when they compile something.

  2. VoiceOfTruth

    Security researchers?

    -> Security researchers commenting on Taggart's finding said they'd been under the impression the bundled Node runtime would only execute files signed by Adobe

    What led them to be under this impression? Did they test it themselves, i.e. do some research? Or did they read it somewhere, AKA reader-repeaters?

  3. Anonymous Coward
    Anonymous Coward

    Once again I feel fortunate our organization has been "Adobe Free" for over six years.

  4. Greybearded old scrote Silver badge
    Joke

    Yeah...

    There's a reason they named themselves after a half-baked brick.

    1. Anonymous Coward
      Anonymous Coward

      Re: Yeah...

      Stop disparaging the mud based bricks! I know that they contain a non-zero amount of poop, but comparing that company to them is an insult to mud and poop based engineering materials everywhere.

  5. Sok Puppette

    OK, wait.

    I've already owned somebody's machine to the point where I can drop arbitrary files anywhere I want *and* run random programs. And a copy of node.exe is the problem????

    If somebody has gotten that far into your machine, you are fully owned, period. It's not reasonable to expect an application to guard against that.

  6. Anonymous Coward
    Anonymous Coward

    Of course it's malware, it is part of Creative Cloud.

    Even with a customized installer ala o365 the creative cloud is still cancer. If you remove the out of date node from this version, there is probably still 30 year old PDF code that for some reason still has local file access, loads internet resources at document load and runs unsigned scripts.

    Keep in mind, this is still a company that can't be bothered to build a working uninstaller, automatically associates new users under a different account with the user account that installed the software, and tries to trick users into buying a copy of the software on their credit card when the are logged into CC with an account that has an enterprise license assigned.

    So yeah, I don't lose much sleep over which bit of hot garbage that they point at, it's all a giant dumpster fire.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022