FortiGuard Labs Security Researcher Discovers Multiple Critical Vulnerabilities in Adobe Photoshop

This past May I discovered and reported multiple critical zero-day vulnerabilities in Adobe Photoshop CC 2019 to the software developer, Adobe Inc. Last Tuesday (Aug 13, 2019), Adobe released several security patches to fix those issues as part of their Patch Tuesday Initiative. These vulnerabilities are identified as CVE-2019-7990, CVE-2019-7991, Continue Reading

Oracle VirtualBox NAT Network DoS Vulnerability

Zero-Day Threat Analysis by FortiGuard Labs Oracle VirtualBox is the world’s most popular cross-platform virtualization product. The FortiGuard Labs team recently discovered on (December 6, 2018) a network Denial of Service (DoS) vulnerability in Oracle VirtualBox (CVE-2019-2527). This DoS vulnerability is caused by a crafted TCP session sent from a Continue Reading

Fortinet Security Researcher Discovers Multiple Critical Vulnerabilities in Adobe Flash Player

I discovered and reported multiple critical zero-day vulnerabilities in Adobe Flash Player last November. This Tuesday, Adobe released a security patch which fixed them. These vulnerabilities are identified as CVE-2017-2984, CVE-2017-2990, and CVE-2017-2991.  CVE-2017-2984 actually fixed three issues I reported because they have the same root cause. Due to the critical Continue Reading

Fortinet Security Researcher Discovers Two Critical Vulnerabilities in Adobe Flash Player

Fortinet security researcher Kai Lu discovered and reported two critical zero-day vulnerabilities in Adobe Flash Player in November 2016. Adobe identified them as CVE-2017-2926 and CVE-2017-2927 and released a patch to fix them on January 10, 2017. Here is a brief summary of each of these detected vulnerabilities. CVE-2017-2926 This is Continue Reading

Fortinet Researchers Discover Two Critical Vulnerabilities in Adobe Acrobat and Reader 

Fortinet researchers recently discovered two critical zero-day vulnerabilities in Adobe Acrobat and Reader. They are identified as CVE-2016-6939 and CVE-2016-6948. Adobe released a patch to fix these vulnerabilities on October 6, 2016. CVE-2016-6939 This vulnerability was discovered by Kai Lu. CVE-2016-6939 is a heap overflow vulnerability. The vulnerability is caused by Continue Reading