Feeds

Surprise Adobe update grapples with critical flaws

Reader, I pwned him

Boost IT visibility and business value

Adobe published an out-of-sequence update for its Reader and Acrobat software packages on Tuesday that tackles a brace of serious flaws.

The cross-platform Reader and Acrobat update fixes a vulnerability in the domain sandbox of the PDF technology that opens the door to possible exploits, more specifically unauthorised cross-domain requests. In addition the update addresses a critical flaw that creates a mechanism for hackers to inject hostile code onto vulnerable systems.

Adobe advises users to upgrade to Acrobat version 9.3.1 and Reader version 9.3.1, as explained in a bulletin here. Last week Adobe updated its Flash software in a way that meant users had to uninstall the previous version in order to remove the threat from their systems.

The importance of the Reader update is underscored by the release of a survey by web security firm ScanSafe which reports 80 per cent of all web-based exploits it blocked in the last quarter of 2009 were PDF exploits

Recently Adobe promised to move onto a quarterly patching schedule for Reader updates, at least, in order to make life easier for sys admins. The latest patches fall outside this sequence and without a detailed explanation of what had been fixed, leaving some in the security community puzzling over the update.

Andrew Storms, director of security operations at network security firm nCircle, commented: "As of now, there are no known zero day exploits in the wild for the patched Acrobat bug, but Adobe's effort to update this patch critical vulnerability outside their normal patch cycle will undoubtedly draw lots of attention from attackers."

"Last week Adobe released a security update to Flash and today they released an Acrobat update that references last week's Flash update. Adobe's lack of detailed security bulletins on the situation is leaving us all scratching our heads and wishing we had more information." ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?