Adobe Urges Stopgap Changes To Blunt Cyber Threat
Adobe Systems Inc. has found itself in the midst of a public relations maelstrom of the sort once reserved only for Microsoft Corp., as security experts chastise the company for not moving fast enough to address a critical security hole in its products even as third-party software makers offer makeshift fixes for the flaw.
Later that day, Adobe released its own advisory, which acknowledged that the flaw existed in all supported versions of its products, and on all operating systems. The company said it planned to ship an update to fix the flaw on March 11, and that it expects to make updates available for Adobe Reader 7 and 8, and Acrobat 7 and 8, by March 18th.
The following day, security vendor Sourcefire blogged about the threat in a description that security experts said more or less painted a blueprint that hackers could use to exploit the flaw.
Two days later, milw0rm.com, a Web site dedicated to propagating instructions for exploiting software flaws, published two different blueprints for attacking the Adobe vulnerability, each of which credited the Sourcefire advisory as its inspiration.
Meanwhile, a number of third-party software vendors began offering their own fixes to plug the flaw in Adobe's software.
Under fire from many in the security community, who charged that publishing this information amounted to a how-to plan for those seeking to exploit the Adobe flaw for criminal gain, Sourcefire said it opted to publicize its findings after determining that hackers had been exploiting the flaw since Jan. 9.
"Instead of letting the world get owned, we thought it better to provide protection for people than to continue to allow people to get hacked completely," said Martin Roesch, co-founder and chief technology officer for Sourcefire.
Brad Arkin, Adobe's director for product security and privacy, said the company was alerted on Jan. 16 about the presence of malware exploiting the flaw, though he declined to say which organization alerted them to that fact.
Adobe's adoption rate among Microsoft Windows users and fans of other operating systems makes it one of the most pervasive software makers on the planet, and also one of the most-targeted. It would be helpful if, the next time such a serious hole arises in Adobe's products, the company took a page from Microsoft's playbook by offering users upfront advice on how to mitigate the threat until an official patch is released.
February 25, 2009; 7:20 AM ET