No PDF Updates Anymore--Anyone Interested?
Adobe has published its security updates for Adobe Reader and Adobe Acrobat.
Adobe has published its security updates for Adobe Reader and Adobe Acrobat.Besides fixing a 25-day-old zero-day vulnerability in the embedded Flash player that Adobe ships within the Reader product, the updates address 16 other vulnerabilities.
All Adobe users should update immediately because exploits for the vulnerability have been reported by many industry sources. Symantec also published a well-done analysis here.
In other related news, the current development Chrome browser now includes a lightweight PDF reader. I have been testing that browser version on my work PC and home Mac and have found the plug-in to work perfectly and seamlessly. It does not support any of the fancier PDF features, such as JavaScript, embedded Flash content, launching external binaries, or even Form filling, but that is exactly the point of being lightweight. I do not need these advanced capabilities 99.9 percent of the time, but attackers have been using them consistently 100 percent of the time for delivering their malware to target systems.
Chrome's silent update feature and now the included PDF viewer make it a viable option for light PDF usage.
-- As the CTO for Qualys, Wolfgang Kandek is responsible for product direction and all operational aspects of the QualysGuard platform and its infrastructure. Wolfgang has more than 20 years of experience in developing and managing information systems. His focus has been on Unix-based server architectures and application delivery through the Internet. Wolfgang provides the latest commentary on his blog: laws.qualys.com and also publishes his Patch Tuesday commentary to the QualysGuard channel: www.youtube.com/QualysGuard. He is a frequent source in business and trade media and speaks at industry conferences around the world, most recently at RSA 2010.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024