Wednesday, August 5, 2009

Multiple Adobe security holes closed

A regular patching cycle isn’t enough for Adobe, as multiple flaws need closing in some of its popular software products.

Adobe has released an out-of-cycle patch for its Flash Player, AIR, Reader and Acrobat software, closing more than 10 vulnerabilities that potentially left users open to attack.

It closes a recent vulnerability in Flash that was highlighted by Symantec and actively exploited in the wild. It also fixes 11 other flaws, including three that fixed problems in vulnerable Microsoft code (its Active Template Library (ATL)).

All of the fixed vulnerabilities were critical, with most having the potential to allow an attacker to take over a user’s system. Details of how to update the Adobe software can be found in its security bulletin here. Adobe is planning its next regular quarterly security update for Adobe Reader and Acrobat on 13 October.

Adobe has had a very difficult time this year, with its popular Reader and Acrobat products suffering so many problems that a Microsoft ‘Patch Tuesday’ style security update cycle has become necessary.

Cyber criminals see PDF-reading software as a good oppportunity to compromise computer systems as well as to install malware.

No comments: