Adobe Released Two Security Patches for PDF Software
Adobe, the maker of electronic document tools, issued urgent security patches on February 16, 2010 to fix two flaws in the company's PDF software, which is popularly used to view and edit documents. Adobe assigned the two flaws a "critical" rating.
The security updates bump Adobe's Acrobat and Reader from version 9.3 to 9.3.1. They are essential for Acrobat running on Macintosh and Windows, and for Reader running on UNIX and Macintosh.
One of the patched vulnerabilities was identical to the cross-domain request flaw that Adobe recently patched in Flash Player. The other vulnerability could allow hackers to install malicious code on the affected computer.
Andrew Storms, Director of Security Operations at nCircle Network Security, stated that the Flash Player flaw, which the CVE (Common Vulnerabilities and Exposures) database designates as CVE-2010-0186, cannot be exploited to push malware onto a vulnerable computer, as reported by ComputerWorld on February 16, 2010. Storms said that he was actually drawn to the second flaw, designated CVE-2010-0188.
According to some other security researchers, attackers will focus on the second update. These attackers believe that by reverse engineering the update, they may obtain an exploit capable of attacking unpatched computers.
The flaw came to light when the MSVR (Microsoft Vulnerability Research Program) reported it. At MSVR, security researchers present vulnerabilities they discover inside intermediate software, including browser plug-ins such as Reader.
Moreover, the patches were released on the same day that the security company ScanSafe cautioned about malicious Reader documents, which accounted for 80% of the total exploits during 2009. ScanSafe stated that hackers targeted flaws inside the Acrobat and Reader applications more frequently, increasing their PDF exploits throughout 2009.
In this context, the researchers stated that Reader was a heavily attacked program online, along with Flash Player, Internet Explorer or Java Runtime, chiefly because it is used on most modern PCs. Adobe has, however, received sharp criticism over the exploitation of numerous zero-day vulnerabilities in recent years.
Security researchers advise Reader users to patch their computers quickly.
» SPAMfighter News - 26-02-2010