Network News

X My Profile
View More Activity

Security Updates for iPhone, Adobe Reader

Apple has issued a security update for the iPhone. The patch fixes a vulnerability demonstrated recently at a hacker conference in Las Vegas, where security researchers showed they could hijack an iPhone simply by sending it a series of booby-trapped text messages.

Apple's patch comes in response to research revealed at last week's Black Hat security conference, by well-known Apple hacker Charlie Miller and co-presenter Collin Mulliner, a Ph.D. student in telecommunications security at the Technical University of Berlin. The two showed that a specially designed text-message barrage could allow attackers to hijack various iPhone core functions, such as making calls and turning on the device's microphone and camera.

The update is available only through iTunes, which should auto-detect that the update is available. If it doesn't, or you don't want to wait around for an auto-update notice (Apple says that process can take up to a week), click the "Check for Updates" option in iTunes (in iTunes for Windows, this option is under the "Help" menu).

Also, Adobe has released an update for its Reader and Acrobat applications that fixes several serious security flaws. This update brings Reader to 9.1.3. If you have Adobe Reader installed, the program's auto-updater should notify you that a new version is available if you open the program or a PDF document. If it does not, you can use the "Check for Updates" option from the Help menu or grab the latest version here.

When I wrote last week about a similar update for Adobe's Flash player, several readers complained that the update also installed Adobe Download Manager, a component Adobe says:

....works directly with Adobe servers to help you manage the process of downloading Adobe® Reader®, Adobe Acrobat® tryout software and other Adobe files. Once it's launched, it will start downloading the software installer to your machine. The Download Manager is only a small file, but it can prevent you from having to start from the beginning should your download process be interrupted, and it offers a level of service not possible with third-party download tools

I'm not wild about the idea of having to install additional applications just to keep the ones I already have up-to-date. Why? For starters, it's not uncommon for these downloader applications to ship with their own set of security holes. In fact, last November Adobe fixed a critical flaw in its Download Manager, and another back in 2006.

By Brian Krebs  |  August 4, 2009; 9:11 AM ET
Categories:  From the Bunker , Latest Warnings , New Patches , Safety Tips  | Tags: adobe reader, apple, iphone, itunes  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Following the Money: Rogue Anti-virus Software
Next: Twitter Tries to Tame Tainted Links

Comments

With all due respect to Adobe, a company I used to cite as well run organization with top notch software...

Foxit Reader FTW.

Posted by: conspirator5 | August 4, 2009 8:09 PM | Report abuse

All I have to do is find a substitute for Adobe's flash (or do without it), and I will be Adobe free! I mean what else will this company "bundle-bloat" with its applications?

Posted by: ummhuh1 | August 5, 2009 11:50 AM | Report abuse

BK,

I really love your blog and chats and have been reading them regularly for years, thanks for your hard work. What is the difference between Adobe Download Manager and Adobe Updater? This was the first time DLM was required to install an updated version of the IE Flash Active X control (I think), but it does seem to uninstall itself upon reboot. However, DLM is distinct from Adobe Updater (which manages updates for Reader/Acrobat), no? DLM for the IE Flash update seems totally unnecessary and can only create problems without solving any major issues...any clarifications on this would be great. Thanks again.

Posted by: cambridgemass | August 5, 2009 12:37 PM | Report abuse

I agree there is not a compelling technical reason for the existence -- let alone the installation -- of Adobe Download Manager. These update files are small (around 2MB for Flash Player and the 9.1.3 Reader update), and the inconvenience of "having to start from the beginning should your download process be interrupted" is extremely remote with a broadband connection. How many people does Adobe think still use AOL? This has to be balanced against the intrusion of another mandatory piece of unwanted software. (Kind of like having to run Microsoft Update from Internet Explorer.)

As for their contention that "it offers a level of service not possible with third-party download tools", what tools would those be exactly? You download the file and run it to install. No tools needed. We and Adobe did just fine without ADM for years.

Thanks for calling Adobe out on this one.

Posted by: 54Stratocaster | August 5, 2009 2:57 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company