With new attack released, Adobe to patch next week
IDG News Service - Adobe Systems' security response team is scrambling to fix a newly disclosed bug in its Illustrator software, even as it readies another security patch for next week.On Tuesday, an unidentified hacker posted a proof of concept attack, showing how the Illustrator vulnerability could be leveraged to run unauthorized software on a victim's computer. Adobe said Tuesday that it was investigating the attack, but it's not clear when the software company will fix the issue.
For this attack to work, the users must open a maliciously crafted Encapsulated PostScript (.eps) file in Illustrator, Adobe said in a blog post.
Because this attack code is now public and available to cyber-criminals, this flaw could become a serious issue.
However, Adobe Director of Product Security Brad Arkin said Tuesday that his team has not yet confirmed that the attack could be used to install a virus on a computer. "We've been able to trigger a crash on at least one version and platform," he said. "As soon as we get all of our details together we'll do an advisory."
Security vendor Secunia says the flaw exists in Illustrator Creative Suite versions 13 and 14, and that other versions of the product may be affected.
Meanwhile, Adobe plans to fix other critical bugs in its Flash Player software on Tuesday. This update is not related to the Illustrator issue and had been previously scheduled, Arkin said. "As far as we can tell, the [Illustrator] bug has absolutely nothing to do with Flash Player."
Tuesday's Flash Player update falls on the same day that Microsoft is planning to issue six security updates for Windows, Office and Internet Explorer, including a patch for a publicly disclosed vulnerability in Internet Explorer.
Following Tuesday's bug-fixes, Adobe's next set of regularly scheduled security updates for its Reader and Acrobat software are due Jan. 12.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Neustar 2014 DDoS Attacks and Impact Report For the third consecutive year, Neustar surveyed hundreds of companies on distributed denial of service (DDoS) attacks. The survey reveals evidence that the...
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Enhancing Application Protection and Recovery with a Modern Approach to Snapshot Management This CommVault Business Value and Technology White Paper explains how Simpana IntelliSnap® Recovery Manager can make your application recovery fast and reliable.
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts