Adobe Releases Out-of-Band Updates For Acrobat And Reader
Adobe, recently, in an out-of-band cycle, has issued security patches for Acrobat and Reader fixing bugs that were disclosed in July 2010 during the then Black Hat security conference. Labeling the update as "critical," Adobe suggests that users of all affected systems apply it immediately.
And though Adobe's forthcoming quarterly security bulletin is scheduled for October 12, 2010, yet the vulnerabilities recently revealed were so severe that the decision for releasing a before-time update was imperative.
The company, in a post published on its PSIRT (Product Security Incident Response Team) blog admitted that there was 'critical' vulnerability within its products. Moreover, the vulnerability resulted in an error of integer overflow during the parsing of fonts by PDF Reader. Incidentally, the post appeared fast following the publicity of the findings due to which Adobe released the emergency patch.
Says Adobe, the vulnerabilities within its Acrobat and Reader applications can let a hacker execute code from remote on a vulnerable computer.
According to the company's officials, the latest update is designed to upgrade Acrobat 9.3.3 for Mac and Windows and Reader 9.3.3 for UNIX, Mac and Windows. Moreover it affects Acrobat 8.2.3 and Reader 8.2.3, both for Mac and Windows.
Meanwhile, besides the above update, Adobe also included a patch for its Flash Player 10.1.53.64 and older. This patch fixes critical security flaws the company enumerated within a security bulletin of August 10. The flaws reportedly, can cause the collapse of Flash Player and let an attacker hijack an affected system.
According to an Adobe spokesperson, considering that the products of his company are relatively ubiquitous as also they widely reach across various platforms, it's likely that attackers will increasingly get drawn towards Adobe. PCWorld reported this on August 18, 2010.
Further, on the latest security fix by Adobe, security specialists stated that attacks on Adobe software followed those on Microsoft and in the second order of preference by hackers for popular applications. Albeit Abode was working plentifully for enhancing its security and patching procedures, still the outcomes appeared somewhat unseasoned. Consequently, the frequent security bulletins from the software developer seemed difficult for assimilating.
Related article: Adobe Rates Acrobat Vulnerabilities “Critical”
» SPAMfighter News - 25-08-2010