Bidvert-advert

Stay Update - ICT Security

Enter your email address:

We hate spam as much as you do and we will never sell, barter, or rent your email address to any unauthorized third party.

Most Frequently Used Software


CURL / XPertMailer / AutoBlogger / (Parser - PHP Simple HTML DOM)

giovedì 22 dicembre 2011

Adobe releases patches for critical flaws in Acrobat and Reader

Adobe has released an emergency patch to handle critical vulnerabilities in its Acrobat and Reader products.

As detailed by SC Magazine last week, a brand new vulnerability have been identified that targets Adobe Reader 9.4.6 on Windows. The patch, released on Friday, addresses vulnerabilities in Adobe Reader and Acrobat 9.x for Windows, and it recommended users of Adobe Reader 9.4.6 and earlier 9.x versions for Windows to update to Adobe Reader 9.4.7, and recommended users of Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows update to Adobe Acrobat 9.4.7.

Adobe said there isn't any immediate risk to users of Adobe Reader and Acrobat X for Windows with Protected Mode or Protected View enabled, or for Adobe Reader and Acrobat X or earlier versions for Macintosh, and Adobe Reader 9.x for UNIX according to the present exploits and historical attack patterns.

However, Adobe is planning to handle these issues in Adobe Reader X and Acrobat X for Windows with the following quarterly security update for Adobe Reader and Acrobat, currently scheduled for 10January 2012. An update to handle these issues in Adobe Reader 9.x for UNIX is planned for a similar date.

Wolfgang Kandek, CTO of Qualys, said: “The flaw is actively getting used in targeted attacks and might be used to take full control of the targeted machine. When you are concerned with the technical details, among the samples have been analysed intimately by Brandon Dixon and Mila Parkour. We suggest applying this patch as quickly as possible.

“Adobe Reader X contains the identical flaw, however the current attack is neutralised due its additional sandbox. While this doesn't mean that Adobe Reader X users are completely safe, it's a remarkable illustration of the effectiveness of the extra security measures that newer products was enhanced with.”

Paul Henry, security and forensic analyst at Lumension, said: “Adobe is solely releasing a patch for the Windows versions of the problem because that's the primary platform under attack. A fix for Unix and Mac users usually are not available from Adobe until 12 January 2012. In all, Adobe released 121 bulletins this year, also down from last year.”



Pubblicato da alle 02:51

Nessun commento:

Posta un commento

Comments links could be nofollow free

Iscriviti a: Commenti sul post (Atom)