
Sunday, January 22, 2012

Adobe repairs critical Reader, Acrobat flaws, adds JavaScript control

Adobe Systems Inc. issued its quarterly security update Tuesday, repairing six critical vulnerabilities in its Reader and Acrobat software.

Having this ability to realize more control over JavaScript support is something that really is needed in enterprise environments.

Wolfgang Kandek, CTO, Qualys Inc.

The Adobe security update affects Adobe Reader X and Adobe Acrobat X 10.1.1 and earlier versions for Windows and Mac. “These vulnerabilities can cause the appliance to crash and potentially allow an attacker to take control of the affected system,” the company said in the Adobe security update outlining the repairs.

Adobe also introduced a new feature in Reader and Acrobat that gives administrators more control over the execution of JavaScript embedded in PDF files. Administrators now have a whitelisting capability: they can disable JavaScript but still allow it for trusted documents.

“If a document is trusted, JavaScript execution might be allowed; but when it's untrusted, Adobe Reader and Acrobat will prevent all JavaScript execution,” Adobe's software engineering team said in a blog entry outlining the new JavaScript control feature. “The trust decision relies on Privileged Locations.”

“Most of the attacks executed using Adobe involve JavaScript in a single way or another,” said Wolfgang Kandek, CTO of Redwood Shores, Calif.-based vulnerability management vendor Qualys Inc. “Having more control over JavaScript support is something that's needed in enterprise environments.”

If administrators want to disable all JavaScript support, a JavaScript lockdown capability can be enabled while disabling Trust Location. This prevents users from adding Privileged Locations, Adobe said.

Adobe said the update also includes fixes for two Adobe vulnerabilities that were addressed last month. Adobe issued an out-of-cycle patch last month, repairing a U3D Memory Corruption Vulnerability that was part of a targeted attack and was discovered by Lockheed Martin's computer incident response team.

The next quarterly security updates for Adobe Reader and Acrobat are scheduled for April 10.

