Adobe to rush out another critical Reader patch

A Flash Player flaw, patched Thursday, affects Reader and Acrobat as well

Robert McMillan (IDG News Service)
15 February, 2010 07:35
Comments

Just weeks after patching a critical flaw, Adobe Systems is rushing out another patch for its Reader and Acrobat software. The company also patched a critical issue in Flash Player Thursday.

The Flash Player flaw could be used by an attacker to trick a Web browser into doing things that it shouldn't, but it's not what is known as a remote-code execution flaw. This means it can't be used to directly install unauthorized software on a victim's computer, said Brad Arkin, Adobe's director of product security and privacy.

If the bug is exploited, "the attacker would be able to execute a general class of cross-site request forgery type of attacks," Arkin said. Adobe rates the issue as "critical."

Normally Adobe patches Reader and Acrobat in quarterly security updates, but Adobe is being forced to rush out next Tuesday's fix because these products are also susceptible to the Flash Player flaw, Arkin said. "We decided that we wanted to get the update for Flash Player out to users as soon as possible," he said. "We didn't want to wait any extra time to do a coordinated release."

In theory, hackers could learn about the bug by looking at the Flash Player patch and then use that information to attack Reader and Acrobat, but Adobe is giving them just a five-day window to complete this work. At present, Adobe isn't aware of any attacks that exploit this Flash Player bug, Arkin said.

Users who are worried about the Flash Player bug being exploited in Reader can mitigate the threat by opening documents outside of the browser, Arkin said.

Next week's Reader and Acrobat update will also patch another undisclosed issue in the PDF-reading software, he added.

The flaws affect Windows, Mac and Unix platforms.

Adobe's security has come under scrutiny over the past year as attackers have increasingly leveraged Reader and Acrobat flaws to hack into computers. Because Reader is installed on almost all desktop computers, a well-crafted Reader attack can affect more victims than one that targets Internet Explorer or Firefox.

Adobe's next scheduled Reader and Acrobat update is due April 13.

Also on Thursday, Adobe patched an "important" bug in its open-source BlazeDS messaging software.

Nominations for the 2012 ARN IT Industry Awards open on Tuesday, June 12.

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email ARN
Follow ARN on twitter

More about: Adobe, Adobe Systems

References show all

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Coverage

Related Whitepapers

Latest Stories

Community Comments

""Amsellem said Facebook, flush with cash from its recent IPO, could purchase ..."

Facebook could buy Nokia to build 'FacePhone', expert claims
"Anxiety is a normal part of life but when it becomes excessive ..."

It's not all Doom at new media conference
"This article touches on some of the points of Cloud security. Seems ..."

Tech Watch: Who watches the datacentre?
"I would assume being more exposed to the outside elements during a ..."

Facebook scammers host Trojan horse extensions on the Chrome Web Store
"Good luck. Guessing that you dont have the unrest in the channel ..."

Webroot: Growth in security

Tags: Adobe, adobe reader, security, security patch

ARN Directory | Distributors relevant to this article

Express Data , Express Online , Scholastic , Topstar Computer International

ARN Directory | Vendors relevant to this article

Adobe Systems

Most Read

Get exclusive access to ARN's news, research and invitation only events.

Latest Jobs

CCSAP PM ConsultantNSW
CCSAP FICO ConsultantNT
FTSales Account ManagerNSW
FTIT Account Manager - System Integrator - Career Progression - Start ImmediatelyNSW
FTSales Account ManagerNSW
FTSAP Basis ConsultantNSW
FTQM Trainer and ConsultantNSW
FTChange Management ProfessionalsNSW
FTSAP Basis ConsultantACT
CCOBIEE ConsultantWA
CCAPAC Campaign ManagerNSW

Most Commented

ARN Distributor Directory

Find distributors by name | vendor | location

Channel Deals

ACA Pacific

Receive 18% off SAP Crystal Server and Designer Licenses. Offer Ends June 28th, 2012.

More details »

ARN Vendor Directory

Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Featured Resources

Aberdeen Group: Building Business Resilience Through Active Archive

One of the key data management challenges organizations often face is how to keep their archived data accessible and active, without spending the time and resources associated with primary storage. The amount of data in the archives can range from one half to 10 times the amount of data actively managed in primary storage. How can end-users gain access to historical files in a reasonable amount of time without pulling IT employees from higher priority projects? Aberdeen's research found the answer in the technologies and processes that comprise active archiving.

Most Popular Resource Papers

Market Potential-Strategy Guide to the Active Archive Market

The active archive market is a growing segment where tape is seen as part of a disk or network fileystem. This means that to an end user disk and tape are “blended” and whether file is held on disk or tape is “invisible” to the end user. The active archive market is the fastest growing space in the storage industry and allows direct end user access to tape through a file system front end.

Popular tags: Business Management, Security, Data Centre, Storage, Master Data Management