Adobe issues emergency update, repairs critical Reader flaw

SearchSecurity.com Staff

Adobe Systems Inc. issued an emergency update to its Acrobat and Reader applications, repairing two critical vulnerabilities that could be used by attackers to crash the program and take control of an affected system.

In a security bulletin issued Tuesday, Adobe said the vulnerabilities affected Adobe Reader 9.3 for Windows, Macintosh and UNIX; Adobe Acrobat 9.3 for Windows and Macintosh; and Adobe Reader 8.2 and Acrobat 8.2 for Windows and Macintosh. Adobe urges users to update to versions 9.3.1 or 8.2.1.

Flash Player update:
Adobe issued an out-of-band fix, repairing a critical security vulnerability in Flash Player. The update affects Flash Player versions 10.0.42.34 and earlier, as well as Adobe AIR versions 1.5.3.9120 and earlier. According to Adobe, the Flash flaw could enable an attacker to bypass restrictions and make anonymous requests to malicious third-party sites, poisoning Flash ads and videos.

Adobe addressed an issue with Flash Player that enables an attacker to bypass process sandboxing within Reader and Acrobat to make anonymous requests to third-party websites. Adobe said the flaw is critical. The flaw enables an attacker to redirect components within embedded Flash in PDF files to malicious webpages, either causing the Flash Player to display unauthorized material or tricking the victim into downloading malware.

A second critical vulnerability causes the application to crash and could enable an attacker to execute code remotely and install malware, taking over a victim's machine. No details on the vulnerability are currently available. It was credited to the Microsoft Vulnerability Research Program (MSVR). MSVR is Microsoft's responsible disclosure program for reporting vulnerabilities that its engineers discover in third-party applications running on Windows.

Danish vulnerability clearinghouse Secunia gave the update a highly critical rating.

Adobe issued a critical update to its Flash Player last week, repairing the same sandboxing bypass vulnerability in Flash Player versions 10.0.42.34 and earlier, as well as Adobe AIR versions 1.5.3.9120 and earlier.

- Robert Westervelt

