Adobe issues emergency fix for file-munching bug
Adobe has released another security patch outside of its usual routine this month to deal with a strange bug that can allow attackers to delete victims’ files.
The file-deleting bug, CVE-2020-3808, stems from a time-of-check to time-of-use race condition vulnerability, which happens when two system operations try to access shared data at the same time. That allows an attacker to manipulate files on the victim’s system. The company warned:
Successful exploitation could lead to arbitrary file deletion.
To successfully exploit the flaw, an attacker would need to convince a victim to open a malicious file, Adobe has said.
Creative Cloud is a subscription-based service that lets users access its range of creative software products from Adobe online, and to use some cloud-based services that support them. Users get well-known Adobe titles like Acrobat, After Effects, Dreamweaver, Illustrator, InDesign, and Photoshop. It replaced Creative Suite, which was its perpetual license software.