Adobe Released Patches for Acrobat and Reader

Adobe released new versions of Acrobat and Reader on June 29, 2010 to fix an unpatched vulnerability disclosed at the beginning of the month (June 2010), as reported by PCMAG on June 29, 2010.

The new versions of Reader and Acrobat are 9.3.3 and 8.2.3, but Adobe recommends that users run the 9.x products. The UNIX/Linux, Windows and Mac versions, which were all vulnerable, have been patched.

Adobe Systems fixed around 17 vulnerabilities in the Reader and Acrobat applications, including two critical vulnerabilities used by criminals to download malware onto end-users' computers. All seventeen vulnerabilities were capable of remote code execution. One of them, CVE-2010-1297, has been widely exploited by cyber criminals.

This vulnerability actually exists in Flash, but it has been patched in the standalone Flash client. Reader and Acrobat are vulnerable because both of them support Flash content in PDF files. The vulnerable component is AuthPlayLib.bundle on Mac, authplay.dll on Windows and libauthplay.so.0.0.0 on Linux.

Besides, the patches rectify a vulnerability in the Mac, Windows and Linux versions of Reader that enables hackers to remotely install malware on end-users' machines by deceiving them into opening a booby-trapped document.

In addition, the update fixes a flaw first brought to notice by researcher Didier Stevens. Using a feature in the PDF specification, the researcher's proof-of-concept attack showed that a hacker could embed a payload in a document and deceive Adobe's Acrobat and Reader applications, along with the competing FoxIT Reader, into executing it.

Adobe has said that it added code to foil any effort to send a file by default. Security engineers have changed the way the existing dialog works in order to deal with social-engineering attacks.

Adobe has credited nine different companies and researchers for highlighting the vulnerabilities. The usual suspects are all there (TippingPoint, Didier Stevens, VUPEN, Tavis Ormandy, etc.), but one report came from NATO.

Moreover, the Acrobat and Reader updates apply to an existing installation of version 9.3.2 or 8.3.2 of the same product. Users who have another version installed need to upgrade their systems to one of those two releases first.

Related article: Adobe Rates Acrobat Vulnerabilities “Critical”

» SPAMfighter News - 7/9/2010
