Adobe Fixes Security Bugs In Reader, Acrobat

Adobe has released critical security patches, fixing 13 bugs in its Reader and Acrobat software.

The patches were released Tuesday, the same day as Microsoft’s monthly security update, making for a hectic day of patching for some system administrators. Microsoft patched a record 31 bugs, including critical flaws in Windows, Office, and Internet Explorer.

Adobe’s software has increasingly been targeted by attackers who have found ways to use bugs in the code to install malicious software on computers. They do this by tricking a victim into opening a maliciously encoded .pdf file. “These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system,” Adobe said in its security advisory Tuesday.

Adobe’s patches are for Windows and Macintosh users. Unix customers will have to wait until next week to get their updates, Adobe said.

Adobe has now moved to regular, quarterly security updates to make it easier for customers to plan. If it sticks to its schedule, the next Adobe update should be Sept. 8.

Other file formats have also come under attack in the past few years, including Microsoft Office and Apple’s QuickTime. In fact, Microsoft still needs to patch a publicly known flaw in the way its DirectShow software reads QuickTime files. Hackers have been exploiting this flaw in a small number of on-line attacks, Microsoft said.

Although these file-format attacks are rarely widespread, they can be tough to defend against, because so many different pieces of software — even antivirus programs — can be targeted with such an attack.

File format attacks are the new “low hanging fruit” for hackers, according to Steve Manzuik, a senior manager of security research at Juniper Networks.

“For the average user to stay safe, it’s probably pretty tough,” he added. “If someone wants to hack you bad enough they’re going to do it.”