Photoshop Testing Security For Images To Prevent Theft And Fakes

Deep Fakes are becoming an increasingly large problem. If you’re not familiar with the term, a Deep Fake is an advanced photo or video technique in which an existing person in a video is digitally overwritten by some other person.

Want to make it look like a wholesome actress has a porn video on the web? A Deep Fake will get the job done.

Want to make it look like a politician you can’t stand said something completely hypocritical? Have a Deep Fake video commissioned to make it look like the Politician in question said whatever you want him or her to say.

Or, on the financial front, if you want to tank a rival company’s stock price, you can make a Deep Fake video of the company’s CEO reporting an obviously disastrous course of action for his or her company.

These are just a few of the ways Deep Fakes are being used in the here and now, and the underground industry that’s producing this content is still in its infancy. So in the months and years ahead, we can expect to see much more of this type of thing, and in increasingly advanced forms.

Worst of all, people tend to believe the evidence in front of their eyes, so once a Deep Fake image or video starts making the rounds, it can spread like wildfire and quickly be accepted as the truth. After all, what could be more damning than actual video footage of a given event?

Except, of course, that Deep Fake specialists make a trade out of inventing fictions out of thin air and then building videos to support whatever story they want to push. It’s incredibly dangerous, and there are several companies working hard to come up with ways to spot Deep Fakes, Adobe included.

Recently, the company rolled out a new content attribution tool in Photoshop that’s been specifically designed to spot and combat Deep Fakes and the damage they can do. While it’s still in beta, it represents one of the first tangible steps big tech companies are beginning to take to fight a war they didn’t even know they were embroiled in. Kudos to Adobe for their work to this point.

Adobe Patches A Number of Critical Vulnerabilities In Latest Update

If you make frequent use of Adobe products, then you’ll definitely want to give priority to applying the latest security update offered by the company. It’s an out of band patch that impacts ten different products in the Adobe lineup and is aimed squarely at addressing a number of critical security flaws. Since this is a big update, released outside the company’s normal schedule, let’s start by taking a look at exactly which products are impacted.

These include:

  • Dreamweaver
  • Marketo
  • Animate
  • Illustrator
  • After Effects
  • Photoshop
  • Media Encoder
  • InDesign
  • Creative Cloud
  • Premiere Pro

Right off the bat then, if you use any of the products listed above in either a Windows or MacOS environment, this patch is for you.

As to the particulars, the updates address too many issues listed as serious or critical to go into any detail on. However, in Illustrator for example, the patch addresses seven different critical security vulnerability.

In Dreamweaver, you’ll find a pair of serious issues addressed, including an uncontrolled search path element flaw, and similar bugs were addressed in Premier Pro, Photoshop, Media Encoder and Creative Cloud. On the Marketo front, the company addressed a critical cross-site scripting bug that could have allowed an attacker to deploy a poisoned JavaScript inside a browser section.

Where Animate is concerned, four different critical vulnerabilities were addressed, all of which could have resulted in arbitrary code execution. With InDesign, the company addressed a critical memory corruption bug.

In short, this is a massive, important update. It also didn’t happen in isolation. When the company released the update, they thanked a raft of security research firms for their efforts and disclosures. Again, if you use any of the Adobe products listed above, this is a security update you won’t want to miss.

New Adobe Tool Makes Reading PDFs On Mobile Easier

Reading PDFs on a smartphone can be a lesson in frustration.

Even at full-screen width, most smartphone display screens are just too small to display it comfortably, which inevitably results in some awkward scrolling as you try to read whatever information the PDF contains.

That’s about to change. Recently, Adobe rolled out a new AI-based feature that should help solve the problem for smartphone users. Dubbed ‘Sensei,’ the AI routine automatically reformats the text images and tables in the PDF to better fit smaller screens.

A spokesman for the company had this to say about the change:

“Giving people tools to view and extract content from PDFs, without changing the PDF itself, will help everyone gain more insight and power from the trillions of PDFs housed in enterprise storage systems, PCs, mobile devices, and on the web.”

“Delivering exceptional digital experiences is our mission, and we’ve been working in service of our customers to do just that for more than three decades. From the introduction of PDF in the early 1990’s, to unleashing it as an open standard in 2008, to the debut of Liquid Mode today, we continue to define how the world works with digital documents, both personally and professionally.”

As you read these words, the new capabilities should already be available on the Adobe Acrobat Reader for iOS and Android, and will eventually be rolled out to Chromebooks, other desktop PCs and ultimately, web browsers too.

It’s a big change and a most welcome one. Kudos to Adobe for putting so much thought and care into enhancing the user experience. PDFs are among the most ubiquitous types of documents found on the web, and anything that makes reading them easier on a wide range of devices is a very good thing.

Update Adobe Media Encoder Immediately With Current Patch

Adobe took the unusual step of releasing an out of band patch to address a trio of serious security issues in Adobe Media Encoder.

The program is used by tens of thousands of people around the world to encode audio and video in a variety of formats.

The three issues addressed by this patch are being tracked as:

  • CVE-2020-9739
  • CVE-2020-9744
  • CVE-2020-9745

All three are out of bound read security flaws that could lead to contextual information about the current user being leaked. All three issues are rated as ‘Serious’ and impact version 14.4 of Media Encoder on both Mac and Windows-based machines.

There are a couple of points of interest here. First, these issues are rated ‘Serious,’ not critical, which makes it unusual that Adobe (or any company) would rush an out of band patch out the door to address them. Second, they’ve only been given a severity rating of 3, which generally denotes that the bugs aren’t a high priority or likely target for hackers to exploit, which only deepens the mystery.

Given the two facts above, it’s almost impossible not to speculate that something else must be going on behind the scenes. Unfortunately, we’re unlikely to learn the truth of that, even if there is some deeper issue or concern lurking in the minds of Adobe’s product managers.

In any event, if you use Adobe Media Encoder, you’ll probably want to take advantage of the out of band patch and upgrade at your next convenience. Just because the hackers haven’t made a target of these issues doesn’t mean they won’t start. If you’re unpatched, you’re vulnerable.

Kudos to Adobe for their unusually swift action here, and to independent security researcher Radu Motspan, who spotted them and reported them to the company.

Adobe Updates Some Of Their Products Due To Critical Issues

Adobe continues to have problems associated with JavaScript.

As a consequence, they have released new patches for Experience Manager, InDesign, and Framemaker.

Of these, the patch for Experience Manager is the largest, and addresses a total of five critical vulnerabilities, tracked as:

  • CVE-2020-9732
  • CVE-2020-9734
  • CVE-2020-9740
  • CVE-2020-9741
  • CVE-2020-9742

Each of these bugs, can, if left unpatched, lead to arbitrary JavaScript execution in the browser.

In addition, the latest Experience Manager patch addresses six other issues deemed serious, including one that is described as an “execution with unnecessary privileges” that can lead to information disclosure.

If you’re running Experience Manager,, and earlier, or version 6.2 SP1-CFP20 and earlier, then your system is vulnerable.

The patch for InDesign addresses a total of five vulnerabilities, all described as memory corruption flaws, and are tracked as:

  • CVE-2020-9727
  • CVE-2020-9728
  • CVE-2020-9729
  • CVE-2020-9730
  • CVE-2020-9731

These flaws impact InDesign versions 15.11 and below.

Finally, the Framemaker patch addresses two critical security vulnerabilities, tracked as CVE-2020-9726, and CVE-2020-9725. Both of these, if exploited, impact all supported versions of the program.

The company has stressed that none of the flaws addressed in their most recent product patches are currently being used in the wilds, but if you use any of the products listed above, you should make installing the latest patches a priority in order to minimize your risk. After all, it’s just a matter of time.

Kudos to Adobe for their fast action on addressing these flaws, but here’s hoping the company can finally get their arms around the issues they’ve been having with their product line soon. The last patch the company released for their popular Acrobat reader addressed 26 bugs of serious or critical importance, and of course, their beleaguered Flash Player has caused no end of trouble for the company and the folks who rely on it.

In any case, these are important patches, and if you use the software mentioned above, they deserve priority.