
ELECTRONIC DOCUMENTS TOOLMAKER Adobe has released emergency updates to patch a pair of critical vulnerabilities in its popular PDF viewing and editing software.
Adobe ranked both bugs as critical. Last week we were told that the software outfit would issue rush patches for Adobe Reader and Adobe Acrobat.
The first flaw fixed was identical to the cross-domain request vulnerability that was recently fixed in Flash Player, while the second was a vulnerability that attackers could exploit to install malware on a targeted machine.
The Flash Player bug tagged as CVE-2010-0186 cannot be used to inject malicious code into a system, but could be exploited by information thieves in a cross-site scripting attack.
The second vulnerability, tagged as CVE-2010-0188, was reported by Microsoft. Adobe is not releasing much in the way of details about it.
Insecurity experts tell us that hackers will be looking closely at the second patch. They might hope that if they can reverse engineer it, they can come up with an exploit for unpatched machines.
The suggestion is to patch machines where this Adobe software is loaded as quickly as possible. µ
In light of further Adobe security concerns, whereby many businesses and consumers are questioning the real capabilities of their document creation software, I think it’s important that they're aware of how to protect their PDFs.
Here are some top tips on PDF security by Global Graphics (http://bit.ly/GlobalGraphicssecurity):
1. Keep your PDF software and virus software updated by visiting your providers' website
2. Don’t open PDFs from people you don’t know, no matter how tempting the title!
3. Keep an eye out for any PDF security advice coming out from the likes of SANS
4. Be wary of PDF software that has had security scares or is targeted by hackers. There are alternatives.
5. If you do use free PDF software from smaller providers, make sure you know they have strong support services
It's called Foxit Reader, miles better than A.R, plus it's not as bloated.
Done. Completed. Safe?
Ah well, when there is one bug there is another little bugger somewhere lurking...