Adobe patches critical flaws

Powered by SC Magazine
 

No immediate risk to some users.

Adobe has released an emergency patch to address critical vulnerabilities in its Acrobat and Reader products.

A vulnerability was identified in Adobe Reader 9.4.6 on Windows.

The patch addresses vulnerabilities in Adobe Reader and Acrobat 9.x for Windows, and it recommended users of Adobe Reader 9.4.6 and earlier 9.x versions for Windows to update to Adobe Reader 9.4.7, and users of Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows update to Adobe Acrobat 9.4.7.

Adobe said there was no immediate risk to users of Adobe Reader and Acrobat X for Windows with Protected Mode or Protected View enabled, or for Adobe Reader and Acrobat X or earlier versions for Macintosh, and Adobe Reader 9.x for UNIX based on the current exploits and historical attack patterns.

However, Adobe planned to address these issues in Adobe Reader X and Acrobat X for Windows with the next quarterly security update for Adobe Reader and Acrobat, currently scheduled for 10 January 2012.

An update to address these issues in Adobe Reader 9.x for UNIX is planned for the same date.

"The flaw is actively being used in targeted attacks and can be used to take full control of the targeted machine," Wolfgang Kandek, CTO of Qualys said.

“Adobe Reader X contains the same flaw, but the current attack is neutralised due its additional sandbox. While this does not mean that Adobe Reader X users are completely safe, it is a remarkable illustration of the effectiveness of the additional security features that newer products have been enhanced with.”

Lumension security and forensic analyst Paul Henry said Adobe released 121 bulletins this year.

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition


Adobe patches critical flaws
Tags
 
 
 
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  27%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  22%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1132

Vote