Adobe Issues Critical Acrobat, Reader Updates
Adobe has issued a software update to fix at least eight security flaws in its Acrobat and Adobe Reader applications, that if left unpatched could be used by attackers to take control of vulnerable systems, the company said. The vulnerabilities affect Acrobat and Reader versions 8.1.2 and earlier.
Adobe characterizes this as a "critical" update -- its most serious rating -- meaning the flaws could let an attacker run and install malicious software on a victim's computer without the victim's knowledge.
The software maker says users with Adobe Reader 8.0 through 8.1.2, who can't update to Adobe Reader 9, should update to Adobe Reader 8.1.3, and that the latest full version of both products, Adobe Reader 9 and Acrobat 9, are not vulnerable to these issues. Links to updates for different versions of Acrobat are available in Adobe's security advisory.
Adobe adds that it is not aware of any reports that these issues are being exploited in the wild. Rather, all were privately reported to the company. Interestingly, six out of eight of the flaws were reported to Adobe by researchers who sold the information to vulnerability management firms like iDefense and TippingPoint.
These companies and others that buy up vulnerability findings from researchers, yet also mange the notification of the affected vendors, often have been criticized by many in the security community for cashing in on security flaws. Like it or not, however, the research these firms purchase is making up an increasing share of the flaws fixed in a number of major commercial software updates.
November 5, 2008; 7:00 AM ET
Categories: Latest Warnings , New Patches , Safety Tips
Save & Share: Previous: Election Hoax Sent Via D.C. Based E-Campaign Group
Next: Malware Piggybacks on Obama Win
Posted by: moike | November 5, 2008 8:28 AM | Report abuse
Posted by: hokiealumnus | November 5, 2008 9:01 AM | Report abuse
Posted by: hokiealumnus | November 5, 2008 9:02 AM | Report abuse
Posted by: Heron | November 5, 2008 2:29 PM | Report abuse
Posted by: BTKrebs | November 5, 2008 2:33 PM | Report abuse
Posted by: Heron | November 5, 2008 2:42 PM | Report abuse
Posted by: Heron | November 5, 2008 3:01 PM | Report abuse
Posted by: jim98851 | November 6, 2008 8:42 AM | Report abuse
Posted by: Brian Krebs | November 6, 2008 11:40 AM | Report abuse
Posted by: Brian Krebs | November 6, 2008 11:42 AM | Report abuse
Posted by: PC-tech | November 7, 2008 1:41 PM | Report abuse
The comments to this entry are closed.