Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED ABOUT A MINUTE AGO.
You are here: Home / Data Security / Adobe Warns of New PDF Woes
Adobe Warns of PDF Woes, But Fix Is on the Way
Adobe Warns of PDF Woes, But Fix Is on the Way
By Carl Weinschenk / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
OCTOBER
09
2009
Adobe issued a security advisory Thursday about vulnerabilities in its Adobe Reader and Acrobat products. The company labeled the vulnerabilities critical, reflecting the highest level of severity, and indicated that software updates will be available on Tuesday, Oct. 13.

A number of Adobe products and all platforms are involved. The update will cover Adobe Reader 9.1.3, Acrobat 9.1.3, Adobe Reader 8.1.6, and Acrobat 8.1.6 for Windows, Macintosh and UNIX. The updates also will cover Adobe Reader 7.1.3 and Acrobat 7.1.3 for Windows and Macintosh.

If unpatched, malicious code carried in downloaded PDF documents can be executed and damage can be caused by viruses, Trojans or other malware if the file is opened by the user. Attacks have been seen in the wild targeting Windows using Adobe Reader and Acrobat 9.1.3. The advisory said that computers with Data Execution Prevention (DEP) enabled on the Windows Vista operating system are not impacted.

The alert also said the variants observed in the field are neutralized if JavaScript is disabled. However, the company warned that the base vulnerability may be used for exploits that don't involve JavaScript.

So Far, Limited Impact

Brad Arkin, director of product security and privacy for Adobe, said the company has information on "about a half-dozen" attacks. He said next Tuesday's security update is the second of two on the company's schedule. The first was released June 9. A response to the attacks has been folded into the second update, he said.

Ryan Naraine, a security evangelist for Kaspersky Labs, said the attacks seem to be aimed at corporate and business types. "This is a big deal for two reasons. One is that it is not patched yet, and two is that there already are attacks happening. That means that malicious hackers got hold of this vulnerability before Adobe did."

Targeting Adobe

Researchers agree that Adobe is a big target. Ben Greenbaum, senior research manager for Symantec Security Response, said Adobe is now squarely in the limelight, at least as far as crackers are concerned.

"I wouldn't say it is becoming a larger target, but it certainly has been a large target for a while. By that, I mean the past two or three years."

Naraine added that Adobe has had a busy year. "This is the fourth [attack] this year," he said. "That's not every week or every other week, but four times per year is considered a lot."

Greenbaum said there is no special protection against contaminated PDF documents. Best-practice security should be exercised, he said, including common sense, making sure that security software is up to date, and automatic updates are turned on. He joined the others in urging users to take advantage of the patch as soon as it becomes available on Tuesday.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN DATA SECURITY

NETWORK SECURITY SPOTLIGHT
A security researcher has found that hundreds of different models of HP notebooks, tablets, and other devices include a keylogger that could track and record every keystroke a user makes.

CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.