Adobe patches 8 bugs in popular PDF apps
Computerworld - Adobe Systems Inc. today patched its Reader application for the fifth time this year, plugging eight security holes, including one that was reported to the company more than five months ago.
In late May, researchers at Core Security Technologies told Adobe of a critical vulnerability in Adobe Reader and Adobe Acrobat, the free-of-charge and for-a-fee programs, respectively, that handle PDF files. The bug, which could be used by hackers to launch attack code against Windows, Mac or Linux computers, was found in older versions of the software.
Versions 8.1.2 of Acrobat and Reader harbor the vulnerability, Core Security said in an advisory issued early today. Newer versions of the programs, Acrobat 9 and Reader 9, which were released in June, are immune.
Attackers could exploit the buffer overflow vulnerability with specially crafted PDF files, Core Security said.
Reader 8.1.2 was itself plagued by several bugs, some of which were actively exploited in the wild before Adobe could issue the update last February. In June, Adobe released a security update to 8.1.2 to plug yet another hole. That vulnerability had also been exploited by attackers before Adobe reacted.
Core Security uncovered the bug when it dug into an earlier-reported vulnerability in Foxit Reader, a free Reader clone available for Windows and Linux. Although that bug was found to be harmless to Adobe's applications, on further review, Core Security found a second flaw that could, in fact, be used to attack systems.
Core Security reported its findings to Adobe on May 20, but numerous back-and-forths between Core Security and Adobe and two patch postponements delayed the coordinated release of security advisories until today.
Ironically, while Foxit Software Co. was able to patch the bug in its software in less than a month, Adobe took more than five times longer to issue fixes for its Acrobat and Reader. Ivan Arce, Core Security's chief technology officer, declined to speculate about why Adobe took so long to patch its programs, other than to point out that today's update fixed eight flaws altogether.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts