With new attack released, Adobe to patch next week

A zero-day attack is posted as Adobe patches a separate Flash Player issue

Robert McMillan (IDG News Service)
04 December, 2009 07:36
Comments

Adobe Systems' security response team is scrambling to fix a newly disclosed bug in its Illustrator software, even as it readies another security patch for next week.

On Tuesday, an unidentified hacker posted a proof of concept attack, showing how the Illustrator vulnerability could be leveraged to run unauthorized software on a victim's computer. Adobe said Tuesday that it was investigating the attack, but it's not clear when the software company will fix the issue.

For this attack to work, the users must open a maliciously crafted Encapsulated PostScript (.eps) file in Illustrator, Adobe said in a blog post.

Because this attack code is now public and available to cyber-criminals, this flaw could become a serious issue.

However, Adobe Director of Product Security Brad Arkin said Tuesday that his team has not yet confirmed that the attack could be used to install a virus on a computer. "We've been able to trigger a crash on at least one version and platform," he said. "As soon as we get all of our details together we'll do an advisory."

Security vendor Secunia says the flaw exists in Illustrator Creative Suite versions 13 and 14, and that other versions of the product may be affected.

Meanwhile, Adobe plans to fix other critical bugs in its Flash Player software on Tuesday. This update is not related to the Illustrator issue and had been previously scheduled, Arkin said.

"As far as we can tell, the [Illustrator] bug has absolutely nothing to do with Flash Player."

Tuesday's Flash Player update falls on the same day that Microsoft is planning to issue six security updates for Windows, Office and Internet Explorer, including a patch for a publicly disclosed vulnerability in Internet Explorer.

Following Tuesday's bug-fixes, Adobe's next set of regularly scheduled security updates for its Reader and Acrobat software are due Jan. 12.

Nominations for the 2012 ARN IT Industry Awards open on Tuesday, June 12.

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email ARN
Follow ARN on twitter

More about: Adobe, Adobe Systems, Creative, Microsoft, Secunia

References show all

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Coverage

Related Whitepapers

Latest Stories

Community Comments

"I wanted to thank you for this great read! ! I absolutely ..."

REVIEW: HTC Sensation - a powerful beast wrapped in a sturdy, aluminium shell
"i need to seen a lates..sumsung galaxy2"

First look: Samsung Galaxy S III
"why am i being railroaded into Facebook. how disappointing. I have been ..."

Spotify tunes into Australia
"Dear Sir, We are very nice to introduce you ourselves. Now we ..."

Telstra and Navman Wireless extend GPS tracking partnership
"Should I REFINANCE a construction loan to a permanent loan OR convert ..."

World’s eyes on Aussie NBN: Conroy

Tags: Adobe, cyber attacks, security, security patch

ARN Directory | Distributors relevant to this article

ASI Solutions , Bluechip Infotech , Compucon Computers , Dicker Data , Express Data , Express Online , ICT Distribution , Impact Systems Technology , Leader Computers , Multimedia Technology , NewLease , Scholastic , Synnex Australia , Topstar Computer International , XiT Distribution , Xpress I.T.

ARN Directory | Vendors relevant to this article

Adobe Systems

Most Read

Get exclusive access to ARN's news, research and invitation only events.

Latest Jobs

FTSAP Basis ConsultantNSW
CCOBIEE ConsultantWA
FTSAP Basis ConsultantACT
FTQM Trainer and ConsultantNSW
CCSAP FICO ConsultantNT
CCSAP PM ConsultantNSW
FTSales Account ManagerNSW
FTChange Management ProfessionalsNSW
FTSales Account ManagerNSW
FTIT Account Manager - System Integrator - Career Progression - Start ImmediatelyNSW
CCAPAC Campaign ManagerNSW

Most Commented

ARN Distributor Directory

Find distributors by name | vendor | location

Channel Deals

ACA Pacific

Increase Your Profit Margins with Tandberg Data RDX Cartridges!

More details »

ARN Vendor Directory

Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Featured Resources

In Search of the Long-Term Archiving Solution —Tape Delivers Significant TCO Advantage over Disk

How to reasonably and in the most cost-effective way, preserve valuable digital data for a long time – and how to prepare for the ensuing decades of continuing data growth, technology change, and increasing long-term preservation requirements.

Most Popular Resource Papers

Market Potential-Strategy Guide to the Active Archive Market

The active archive market is a growing segment where tape is seen as part of a disk or network fileystem. This means that to an end user disk and tape are “blended” and whether file is held on disk or tape is “invisible” to the end user. The active archive market is the fastest growing space in the storage industry and allows direct end user access to tape through a file system front end.

Popular tags: Business Management, Security, Data Centre, Storage, Master Data Management