Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Adobe issued Windows updates for Reader and Acrobat versions 7, 8 and 9 and Macintosh and Unix updates for versions 8 and 9 for a vulnerability in Reader and Acrobat. The company said updates for Adobe Reader and Acrobat 7 for Macintosh are scheduled to be available before the end of June, according to the security bulletin. The vulnerability, which relates to a JavaScript memory corruption error and garnered a "highly critical" rating from Secunia, affects all supported versions on the Windows, Macintosh and Linux platforms. Proof-of-concept code is circulating on the internet, but Adobe representatives said in early May they are not aware of any in-the-wild exploits. The patch also addresses a second vulnerability in Adobe's Reader for Unix software. Microsoft issued a fix for 14 bugs in PowerPoint, but researchers say Adobe's vulnerabilities are more pressing than Microsoft's.Paul Henry, security and forensic analyst for Lumension told SCMagazineUS.com that it is important to remember that historically, files like Adobe PDF's or those in Word, Excel or PowerPoint have been great vehicles for targeted attacks because such attachments seem socially acceptable and are simply expected within corporate email.The use of PDF files as a vehicle for the delivery of malware gives a hacker an added advantage, Henry said. It is anticipated that anti-virus vendors will create better signatures from the information contained within the patch to identify infected files. The bad guys, however, could simply start obfuscating the current exploit to try to capture any unpatched users. Henry added that Lumension has found numerous Chinese web sites that were hosting malicious PDF files using the most current vulnerability, a contradiction of Adobe's position.“Adobe has had a rash of patches come out lately and since Adobe is not covered by Windows update you have to find a way to roll out these patches in enterprises, making it more difficult to get the patches installed,” Eric Schultze, CTO, Shavlik Technologies told SCMagazineUS.com. Since Adobe documents are more common in business than PowerPoint documents, Schultze recommended users should get the Adobe patch installed first. Andrew Storms, director of security operations for nCircle told SCMagazineUS.com he agreed that Adobe's issues present a much greater risk to users than the PowerPoint bug.See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.