Adobe has released another security patch outside of its usual routine this month to deal with a strange bug that can allow attackers to delete victims’ files.

The file-deleting bug, CVE-2020-3808, stems from a time-of-check to time-of-use race condition vulnerability, which happens when two system operations try to access shared data at the same time. That allows an attacker to manipulate files on the victim’s system. The company warned:

Successful exploitation could lead to arbitrary file deletion.

To successfully exploit the flaw, an attacker would need to convince a victim to open a malicious file, Adobe has said.

Creative Cloud is a subscription-based service that lets users access its range of creative software products from Adobe online, and to use some cloud-based services that support them. Users get well-known Adobe titles like Acrobat, After Effects, Dreamweaver, Illustrator, InDesign, and Photoshop. It replaced Creative Suite, which was its perpetual license software.

The bug affects Creative Cloud version 5.0 and earlier on Windows platforms according to the company’s advisory, and it has a severity rating of critical. Adobe has issued a FIX and given it a priority rating of two. In other words, it isn’t the most urgent patch in history, but you should still hop on it, sharpish. The fact that the company issued an out-of-band patch to fix the vulnerability indicates how seriously it’s taking this.

The fix involves installing version 5.1 of the software.

This isn’t the only such patch this month. The company issued a gaggle of bug fixes on 17 March, which were late, as it normally aligns its patches with Microsoft’s Patch Tuesday releases. The 41 vulnerabilities appeared in Photoshop, Acrobat, and Reader, and more than half of them received a critical rating.

In its advisory this week, Adobe credited Jiadong Lu of South China University of Technology and Zhiniang Peng of Qihoo 360 Core Security with finding the file-munching bug.


Latest Naked Security podcast

Subscribe to our Blog & Newsletter!

Subscribe to our Blog & Newsletter!

Join our mailing list to receive the latest news and updates from our team. We will give you the latest tech articles and updates on our new products!

You have Successfully Subscribed!

Netsafe Client Support Portal

For current clients to communicate their IT issues

Submit a Ticket

Having a technical issue? Submit a ticket to our helpdesk here and a tech will be on your case.

Establish a Remote Connection

Share your screen with our IT helpdesk techs so we can diagnose your issues.

Check the Status of your Support Ticket

Log in to our helpdesk portal to check the status of your ticket.