Jump to content

Adobe to patch critical Reader and Acrobat flaws


nsane.forums

Recommended Posts

nsane.forums

Vulnerabilities unveiled at Black Hat this year will be addressed

Adobe is to release several critical out-of-band updates on Thursday for its Reader and Acrobat software designed to patch vulnerabilities disclosed by security researchers at last month's Black Hat conference.

In an update to a security advisory issued at the beginning of this month, Adobe said that the patches target Adobe Reader 9.3.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 for Windows and Macintosh, and Adobe Reader 8.2.3 and Acrobat 8.2.3 for Windows and Macintosh.

The vulnerabilities could be used by hackers to compromise a victim's PC. Security firm Secunia said in an advisory that the at-risk versions of Acrobat/Reader bundle a vulnerable version of Adobe Player.

In addition, a flaw in TrueType could allow the running of malicious code embedded in a PDF document. "Successful exploitation may allow execution of arbitrary code," explained Secunia.

Adobe said that its next quarterly security update falls on 12 October, so the firm obviously rates these vulnerabilities important enough to patch them early.

The debate on how and when new vulnerabilities are disclosed gathered momentum recently when HP's TippingPoint announced a new initiative under which it will release all data on software flaws six months after notifying the vendor.

Security researchers who disclose vulnerabilities before the vendor responsible has had time to fix them are often pilloried by the industry.

Google engineer Tavis Ormandy was widely criticised for not giving Microsoft enough time to fix a flaw found in Windows Help and Support Center. Soon after, hackers were found to be exploiting the flaw in the wild.

view.gif View: Original Article

Link to comment
Share on other sites


  • Views 640
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...