Adobe to rush out another critical Reader patch
IDG News Service - Just weeks after patching a critical flaw, Adobe Systems is rushing out another patch for its Reader and Acrobat software. The company also patched a critical issue in Flash Player Thursday.
The Flash Player flaw could be used by an attacker to trick a Web browser into doing things that it shouldn't, but it's not what's known as a remote-code execution flaw. This means it can't be used to directly install unauthorized software on a victim's computer, said Brad Arkin, Adobe's director of product security and privacy.
If the bug is exploited, "the attacker would be able to execute a general class of cross-site request forgery type of attacks," Arkin said. Adobe rates the issue as "critical."
Normally Adobe patches Reader and Acrobat in quarterly security updates, but Adobe is being forced to rush out next Tuesday's fix because these products are also susceptible to the Flash Player flaw, Arkin said. "We decided that we wanted to get the update for Flash Player out to users as soon as possible," he said. "We didn't want to wait any extra time to do a coordinated release."
In theory, hackers could learn about the bug by looking at the Flash Player patch and then use that information to attack Reader and Acrobat, but Adobe is giving them just a five-day window to complete this work. At present, Adobe isn't aware of any attacks that exploit this Flash Player bug, Arkin said.
Users who are worried about the Flash Player bug being exploited in Reader can mitigate the threat by opening documents outside of the browser, Arkin said.
Next week's Reader and Acrobat update will also patch another undisclosed issue in the PDF-reading software, he added.
The flaws affect Windows, Mac and Unix platforms.
Adobe's security has come under scrutiny over the past year as attackers have increasingly leveraged Reader and Acrobat flaws to hack into computers. Because Reader is installed on almost all desktop computers, a well-crafted Reader attack can affect more victims than one that targets Internet Explorer or Firefox.
Adobe's next scheduled Reader and Acrobat update is due April 13.
Also on Thursday, Adobe patched an "important" bug in its open-source BlazeDS messaging software.