With new attack released, Adobe to patch next week
IDG News Service - Adobe Systems' security response team is scrambling to fix a newly disclosed bug in its Illustrator software, even as it readies another security patch for next week.On Tuesday, an unidentified hacker posted a proof of concept attack, showing how the Illustrator vulnerability could be leveraged to run unauthorized software on a victim's computer. Adobe said Tuesday that it was investigating the attack, but it's not clear when the software company will fix the issue.
For this attack to work, the users must open a maliciously crafted Encapsulated PostScript (.eps) file in Illustrator, Adobe said in a blog post.
Because this attack code is now public and available to cyber-criminals, this flaw could become a serious issue.
However, Adobe Director of Product Security Brad Arkin said Tuesday that his team has not yet confirmed that the attack could be used to install a virus on a computer. "We've been able to trigger a crash on at least one version and platform," he said. "As soon as we get all of our details together we'll do an advisory."
Security vendor Secunia says the flaw exists in Illustrator Creative Suite versions 13 and 14, and that other versions of the product may be affected.
Meanwhile, Adobe plans to fix other critical bugs in its Flash Player software on Tuesday. This update is not related to the Illustrator issue and had been previously scheduled, Arkin said. "As far as we can tell, the [Illustrator] bug has absolutely nothing to do with Flash Player."
Tuesday's Flash Player update falls on the same day that Microsoft is planning to issue six security updates for Windows, Office and Internet Explorer, including a patch for a publicly disclosed vulnerability in Internet Explorer.
Following Tuesday's bug-fixes, Adobe's next set of regularly scheduled security updates for its Reader and Acrobat software are due Jan. 12.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!