Adobe has released an emergency patch to deal with critical vulnerabilities in its Acrobat and Reader products.
As detailed by SC Magazine last week, a new vulnerability was identified that targets Adobe Reader 9.4.6 on Windows. The patch, released on Friday, addresses vulnerabilities in Adobe Reader and Acrobat 9.x for Windows. Adobe recommended that users of Adobe Reader 9.4.6 and earlier 9.x versions for Windows update to Adobe Reader 9.4.7, and that users of Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows update to Adobe Acrobat 9.4.7.
Adobe said there isn't any immediate risk to users of Adobe Reader and Acrobat X for Windows with Protected Mode or Protected View enabled, or to users of Adobe Reader and Acrobat X or earlier versions for Macintosh and Adobe Reader 9.x for UNIX, based on the present exploits and historical attack patterns.
However, Adobe is planning to deal with these issues in Adobe Reader X and Acrobat X for Windows in a quarterly security update for Adobe Reader and Acrobat, currently scheduled for 10 January 2012. An update to deal with these issues in Adobe Reader 9.x for UNIX is planned for a similar date.
Wolfgang Kandek, CTO of Qualys, said: “The flaw is actively getting used in targeted attacks and might be used to take full control of the targeted machine. If you're involved in the technical details, probably the most samples was analysed intimately by Brandon Dixon and Mila Parkour. We suggest applying this patch as quickly as possible.
“Adobe Reader X contains the identical flaw, however the current attack is neutralised due to its additional sandbox. While this doesn't mean that Adobe Reader X users are completely safe, this can be a remarkable illustration of the effectiveness of the extra safety features that newer products had been enhanced with.”
Paul Henry, security and forensic analyst at Lumension, said: “Adobe is barely releasing a patch for the Windows versions of the difficulty because that's the primary platform under attack. A fix for Unix and Mac users should not be available from Adobe until 12 January 2012. In all, Adobe released 121 bulletins this year, also down from last year.”