Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Business Briefing / Adobe Fixes Acrobat, Reader Holes
Adobe Fixes 29 Vulnerabilities in Acrobat and Reader
Adobe Fixes 29 Vulnerabilities in Acrobat and Reader
By Jennifer LeClaire / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
While IT administrators around the world had their hands full planning to implement the largest-ever set of patches from Microsoft on Tuesday, another software maker quietly rolled out a massive fix of its own.

On what will go down in IT admin history as a day of headaches, Adobe Systems rolled out updates for Acrobat and Reader on Tuesday. The updates address 29 critical security vulnerabilities for the PDF applications, which are used across business and consumer PCs around the world.

Despite a hyper-focus on Microsoft's patches, security researchers warn not to put off dealing with Adobe security fixes. The one-two punch spells long nights for IT administrators.

"Compound Tuesday's Microsoft release with the Adobe quarterly release and we are certain to see some enterprise teams become flustered," said Andrew Storms, director of security operations for nCircle. "The key for security and IT organizations managing today's deluge of patches is to maintain focus and diligence with patch-management practices."

Critical Vulnerabilities

According to Adobe's security bulletin, critical vulnerabilities have been identified in Adobe Reader 9.1.3 and Acrobat 9.1.3; Adobe Reader 8.1.6 and Acrobat 8.1.6 for Windows, Macintosh and UNIX; and Adobe Reader 7.1.3 and Acrobat 7.1.3 for Windows and Macintosh.

Adobe said these vulnerabilities could cause the applications to crash and potentially allow an attacker to take control of a PC. The vulnerabilities are many, ranging from heap-overflow issues to memory-corruption issues to invalid-array-index issues to remote-exploitation issues. Adobe acknowledged reports that some of the issues are being exploited in the wild.

Adobe recommends that consumers who use Adobe Reader 9.1.3 and Acrobat 9.1.3 and earlier versions update to Adobe Reader 9.2 and Acrobat 9.2. The company also recommends users of Acrobat 8.1.6 and earlier versions update to Acrobat 8.1.7, and users of Acrobat 7.1.3 and earlier versions update to Acrobat 7.1.4. For Adobe Reader users who cannot update to Adobe Reader 9.2, the company has provided the Adobe Reader 8.1.7 and Adobe Reader 7.1.4 updates.

'The Most Critical Kind of Bugs'

"All users of Adobe Reader or Acrobat will need to update their software with this release because these updates include fixes for the most critical kind of bugs," Storms said. "Several of these could let an attacker take remote control of a user's computer."

Storms sees a stark contrast between the patches from Adobe and Microsoft on Tuesday. Microsoft issued 34 bug fixes, but they were spread over 12 different products. On the other hand, Adobe fixed nearly 30 bugs in just two products.

"Every security team is hoping that future quarterly security releases from Adobe will not be this massive," Storms said. With Microsoft just releasing its largest-ever set of security bulletins, analysts could say the same thing about the software giant.

Tell Us What You Think


Like Us on FacebookFollow Us on Twitter
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.