Risk
11/16/2010
05:12 PM
George V. Hulme
George V. Hulme
Commentary
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Emergency Patch From Adobe Arrives

Adobe today released a patch designed to patch a number of critical flaws in Adobe Reader. You'll want to patch this one, quickly.

Adobe today released a patch designed to patch a number of critical flaws in Adobe Reader. You'll want to patch this one, quickly.Breaking from its normal quarterly security patch cycle, Adobe today released patches that fix several serious vulnerabilities in Adobe Reader, in addition to an Adobe Flash. Rather than waiting, Adobe issued the patches prior to its next scheduled update because a number of the vulnerabilities have been under active attack.

For instance, the recently uncovered Flash bug has been actively exploited in attacks against Adobe Reader for a few weeks now. From the Adobe Product Security Incident Response Team (PSIRT) blog:

Today, a Security Bulletin (APSB10-28) has been posted regarding security releases for Adobe Reader and Acrobat. The updates address critical security issues in the products, including CVE-2010-3654 noted in Security Advisory APSA10-05 and CVE-2010-4091 referenced in the Adobe PSIRT blog ("Potential issue in Adobe Reader"), as well as the vulnerabilities addressed in the November 4 Adobe Flash Player update as noted in Security Bulletin APSB10-26. Adobe recommends that users apply the updates for their product installations.

Note that today's updates represent and out-of-cycle release. The next quarterly security updates for Adobe Reader and Acrobat are scheduled for February 8, 2011.

It's important to note that these vulnerabilities affect multiple platforms, from Adobe's security bulletin:

Critical vulnerabilities have been identified in Adobe Reader 9.4 (and earlier versions) for Windows, Macintosh and UNIX, and Adobe Acrobat 9.4 (and earlier 9.x versions) for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

If you haven't yet, update to Adobe Reader 9.4. If you'd like more information, see Adobe's Security Bulletin APSB10-28. For my security and technology observations throughout the day, find me on Twitter.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: LOL.
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6213
Published: 2014-04-19
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.

CVE-2013-6214
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.

CVE-2012-0871
Published: 2014-04-18
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.

CVE-2012-6646
Published: 2014-04-18
F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security before 11500 for Mac OS X allows local users to disable the Mac OS X firewall via unspecified vectors.

CVE-2013-4279
Published: 2014-04-18
imapsync 1.564 and earlier performs a release check by default, which sends sensitive information (imapsync, operating system, and Perl version) to the developer's site.

Best of the Web