Adobe Released Patches for Acrobat and Reader
Written by Administrator   
Friday, 09 July 2010 09:00

Adobe released new versions of Acrobat and Reader on June 29, 2010 to fix an unpatched vulnerability disclosed at the beginning of the month (June 2010), as reported by PCMAG on June 29, 2010.


The new versions of Reader and Acrobat are 9.3.3 and 8.2.3, but Adobe recommends that users run the 9.x products. The UNIX/Linux, Windows and Mac versions, which were vulnerable, have been patched.

Adobe Systems fixed around 17 vulnerabilities in the Reader and Acrobat applications, including two critical vulnerabilities used by criminals to download malware onto end users' computers. All seventeen vulnerabilities were capable of remote code execution. One of the vulnerabilities, CVE-2010-1297, has been widely exploited by cyber criminals.

This vulnerability actually exists in Flash, but it has been patched in the standalone Flash client. Reader and Acrobat are vulnerable because both of them support Flash content in PDF files. The vulnerability exists in AuthPlayLib.bundle on Mac, authplay.dll on Windows and libauthplay.so.0.0.0 on Linux.

Besides, the patches rectify a vulnerability in the Mac, Windows and Linux versions of Reader that enables hackers to install malware from a remote location on end users' machines by deceiving them into opening a booby-trapped document.

In addition, the update fixes a flaw first brought to notice by a researcher named Didier Stevens. Using a feature in the PDF specification, the researcher's proof-of-concept attack showed that a hacker could embed a payload in a document and deceive Adobe's Acrobat and Reader applications, along with the competing Foxit Reader, into executing it.

Adobe has claimed that it added code to foil, by default, any effort to send a file. Security engineers have also changed the way the existing dialog works in order to deal with social-engineering attacks.

Adobe has credited nine different companies and researchers for highlighting the vulnerabilities. The usual suspects are all there (TippingPoint, Didier Stevens, VUPEN, Tavis Ormandy, etc.), but one report came from NATO.

Moreover, the Acrobat and Reader updates apply to an existing installation of version 9.3.2 or 8.3.2 of the same product. Users who have another version installed need to upgrade their systems to one of those two releases first.

