Adobe patches 13 critical PDF bugs in first quarterly update
Expert blasts company for withholding info on flaws found by in-house researchers
Computerworld - Adobe issued its first regularly-scheduled security updates on Tuesday, fixing at least 13 critical flaws reported by outside researchers and secretly patching an unspecified number of bugs found by its own team.
Today's update to Adobe Reader and Adobe Acrobat comes three weeks after the company said it had revamped its security practices, and would root out vulnerabilities in old code, speed up its patching process and release regular security updates for the often-attacked PDF applications.
At the time, Adobe announced it would piggyback its quarterly updates on Microsoft's monthly Patch Tuesday, but declined to set a start date. Last Thursday, however, the same day that Microsoft issued its usual advance notice of impending patches, Adobe did the same.
"This is the first quarterly security update for Adobe Reader and Acrobat...and incorporates the initial output of code hardening efforts," Wendy Poland of Adobe's security team in a brief post to the group's blog Tuesday. "Today's updates also address externally reported issues, as detailed in our Security Bulletin."
Poland said that Adobe wasn't aware of any in-the-wild exploits for the just-patched bugs.
As is its usual practice, Adobe described the 13 vulnerabilities reported by outsiders in terse terms. "This update resolves multiple heap overflow vulnerabilities in the JBIG2 filter that could potentially lead to code execution," Adobe acknowledged in the note accompanying six of the baker's dozen.
Adobe credited 10 researchers or organizations for reporting the Reader/Acrobat vulnerabilities, including the TippingPoint bug bounty program, Apple's security team and Mark Dowd of IBM Internet Security Systems' X-Force, a researcher who frequently roots out Adobe bugs.
But the company also acknowledged that it had plugged an unknown number of holes its own researchers uncovered. "Additionally, this update resolves Adobe internally discovered issues," the security bulletin said near its end. Adobe offered no additional information, such as the number, the severity and the nature of those bugs, however.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!