Feeds

Adobe punts fix for Reader, Acrobat holes battered by PC, Mac hackers

Software biz praised for nine-day response

New hybrid storage solutions

Adobe has pushed out an emergency security update for its PDF viewing software Reader and Acrobat to plug zero-day vulnerabilities that emerged last week.

The cross-platform update, issued yesterday, addresses flaws that were being actively exploited by miscreants to compromise and take over Microsoft Windows and Apple Mac OS X computers. Word of the bugs spread following the publication of a report by security biz FireEye on 12 February. Adobe acted quickly to publicise workarounds a day later, prior to pushing out patches for Windows, Mac and Linux systems on 20 February.

The updates cover all supported product versions (Reader and Acrobat 9, 10, 11) and unsurprisingly they're all rated critical. Adobe's advisory is here.

Paul Ducklin of antivirus outfit Sophos praised Adobe for its prompt response.

The update completes a pretty wretched month for Adobe. Earlier this week Mozilla released a new version of its Firefox browser that featured a built-in JavaScript-powered PDF viewer, allowing users to dispense with plugins from Adobe and its rivals. And at the start of the month the software giant was obliged to release emergency Flash patches that threw a fire blanket over not just one but two zero-day security vulnerabilities.

It subsequently emerged that Microsoft Office files containing code that exploited flaws in Adobe's Flash player software were used to pull off corporate espionage against Windows-using businesses in the aerospace industry. Security experts at Lockheed Martin are credited with aiding Adobe; it's a safe bet, therefore, to assume the defence titan was a target of this cyber-spying.

In fairness, all software developers have to deal with zero-day vulnerabilities from time to time. Foxit, which makes a PDF-viewing browser plugin to rival Adobe's, was hit by one such calamity only last month. But Adobe Flash is second only to Oracle's Java in terms of the number of security exploits targeting software in a modern hacker or cyber-spy's toolkit; any un-patched holes in Adobe's software are often seized and attacked in a race against the vendor and users. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Leak of '5 MEELLLION Gmail passwords' creates security flap
You should be OK if you're not using ANCIENT password
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Enigmail PGP plugin forgets to encrypt mail sent as blind copies
User now 'waiting for the bad guys come and get me with their water-boards'
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.