Last Tuesday Adobe finally released a fix for numerous critical vulnerabilities in its Acrobat and Reader products. These security holes have already been exploited in attacks. Adobe Systems Inc. has issued a critical emergency update to its Acrobat and Reader applications, repairing two serious vulnerabilities that attackers could have used to crash the program and take control of an infected system. So far the update fixes 17 critical holes. These include one that was exploited in the wild and caused serious damage by allowing the attacker to take control of the victim's computer, and one that could be used to initiate an attack using simple social engineering and PDF files. The update makes the application more stable and better prepared against attacks. In addition, new functionality has been added that blocks any attempt to launch an executable file or other harmful files. Adobe is facing some serious attacks. About a year ago, hackers spotted similar vulnerabilities in Adobe systems. Emergency updates reduced the magnitude of that attack.
Adobe’s security bulletin details
Adobe issued a security bulletin last Tuesday stating that the vulnerabilities affect Adobe Reader 8.2 and Acrobat 8.2 for Windows and Macintosh, Adobe Reader 9.3 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3 for Macintosh and Windows systems. Adobe also recommends that users update to newer versions, including 8.2.1 or 9.3.1.
This emergency update will also take place on the quarterly update. The next update is now scheduled to be issued in October. Adobe also said in a security bulletin that its recently launched update system is helping customers keep their software up to date. Adobe is also looking to launch a patch that will support popular languages and operating systems.
Adobe’s scheduled update
Adobe has released a scheduled update for its products in order to fix a remotely exploitable vulnerability. These vulnerabilities are actively being targeted in attacks. The flaw allows attackers to execute arbitrary code by embedding malformed Flash streams into PDF documents. Adobe also addressed an issue in which an attacker uses Flash Player to bypass sandboxing processes within Adobe Reader and Acrobat, thus making anonymous requests to third-party websites. Adobe told the press that the flaw is critical. The flaw enables an attacker to redirect the components within Flash content embedded in PDF files to suspicious websites. This can either cause Flash Player to display unauthorized material or even trick the victim into downloading spyware.
Other vulnerabilities in third-party applications
Besides these, there is another vulnerability that hackers use to exploit the victim's computer. It causes the Adobe applications to crash and allows the attacker to launch code remotely on the victim's computer and install malware, which in turn takes over the computer. This vulnerability was first spotted by the Microsoft Vulnerability Research program, also known as MSVR. MSVR is Microsoft's special research facility that hunts for vulnerabilities in third-party applications and reports them.