News
Adobe Fixes Security Bugs In Reader, Acrobat
Company releases first planned quarterly security update
By Robert McMillan
June 10, 2009 — IDG News Service —
Adobe has released critical security patches, fixing 13 bugs in its Reader and Acrobat software.
The patches were released Tuesday, the same day as Microsoft's monthly security update, making for a hectic day of patching for some system administrators. Microsoft patched a record 31 bugs, including critical flaws in Windows, Office, and Internet Explorer.
Adobe's software has increasingly been targeted by attackers who have found ways to use bugs in the code to install malicious software on computers. They do this by tricking a victim into opening a maliciously encoded .pdf file. "These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system," Adobe said in its security advisory Tuesday.
Adobe's patches are for Windows and Macintosh users. Unix customers will have to wait until next week to get their updates, Adobe said.
Adobe has now moved to regular, quarterly security updates to make it easier for customers to plan. If it sticks to its schedule, the next Adobe update should be Sept. 8.
Other file formats have also come under attack in the past few years, including Microsoft Office and Apple's QuickTime. In fact, Microsoft still needs to patch a publicly known flaw in the way its DirectShow software reads QuickTime files. Hackers have been exploiting this flaw in a small number of on-line attacks, Microsoft said.
Although these file-format attacks are rarely widespread, they can be tough to defend against, because so many different pieces of software -- even antivirus programs -- can be targeted with such an attack.
File format attacks are the new "low hanging fruit" for hackers, according to Steve Manzuik, a senior manager of security research at Juniper Networks.
"For the average user to stay safe, it's probably pretty tough," he added. "If someone wants to hack you bad enough they're going to do it."
Other stories by Robert McMillan
Copyright 2009 IDG News Service, International Data Group Inc. All rights reserved.
Adobe Acrobat
Log Management in a Cyber World
With so many potential cyber villains poking around the gates, enterprises must have strong protections and pristine visibility into what's happening on the network. Explore the increasing importance of log management as cybercrime and other malicious threats grow.
Comparing Research in Motion and Microsoft Mobile Solutions
Organizations must look carefully at the requirements of mobile devices and accompanying middleware that can increase cost, complexity and administrative overhead. This white paper provides an independent analysis and detailed comparison of RIM and Microsoft's mobile solution.
Stay current with insightful news and analysis on information security, business continuity, identity and access management, loss prevention and more with CSO newsletters!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
