Advertisement
  • About the Author
  • About this Blog

    • Posts Tagged: acrobat

    Latest Warnings / Time to Patch21 Comments
    21
    Apr 11

    Adobe Reader, Acrobat Update Nixes Zero Day

    Adobe shipped updates to its PDF Reader and Acrobat products today to plug a critical security hole that attackers have been exploiting to break into computers. Fixes are available for Mac, Windows and Linux versions of these software titles.

    The patch released today addresses two critical flaws. Adobe pushed out a patch for the standalone Flash Player last week, but that same vulnerable component exists in Adobe Reader and Acrobat. Initially, Adobe said it was only aware of attacks on the Flash Player but, in the the latest advisory, it acknowledged the existence of public reports that hackers have been sending out poisoned PDFs that exploit the Flash flaw. Malwaretracker.com, for example, reported that it was receiving reports of malicious PDFs attacking the Flash bug as early as Apr. 17.

    The Reader/Acrobat patch also addresses another critical bug (a flaw in the CoolType library of Reader & Acrobat) that could allow attackers to install malicious software. Not much information is public about this vulnerability, except that Poland’s CERT is credited with reporting it. Adobe spokesperson Wiebke Lips said the company was not aware of any exploits in the wild targeting this bug.

    The advisory for the latest version is here. Users on Windows and Macintosh can grab the update using the product’s update mechanism. To manually check for an update, open your Reader or Acrobat and choose Help > Check for Updates.

    Latest Warnings / Time to Patch33 Comments
    21
    Mar 11

    Critical Security Updates for Adobe Acrobat, Flash, Reader

    Adobe today released a software update to plug a critical security hole in its Flash Player, Adobe Acrobat and PDF Reader products. The patch comes a week after the software maker warned that miscreants were exploiting the Flash vulnerability to launch targeted attacks on users.

    The Flash update addresses a critical vulnerability in Adobe Flash Player version 10.2.152.33 and earlier; versions (Adobe Flash Player version 10.2.154.18 and earlier versions for Chrome users) for Windows, Macintosh, Linux and Solaris operating systems; and Adobe Flash Player 10.1.106.16 and earlier versions for Android.

    Adobe is urging all users to upgrade to the latest version — Flash v. 10.2.153.1 (Chrome users want v. 10.2.154.25, although Google is likely to auto-update it soon, given their past speediness in applying Flash updates). Update: According to The Register’s Dan Goodin, Google updated Chrome to patch this Flash flaw a full three days ago!

    Original post: Click this link to find out what version of Flash you have installed. If something goes wrong in your update, or if you’re just a stickler for following directions, Adobe recommends uninstalling the current version of Flash before proceeding with the update (Mac users see this link).

    Continue reading →

    Latest Warnings / Time to Patch19 Comments
    17
    Nov 10

    Critical Updates for Adobe Reader, Acrobat

    Adobe on Tuesday issued a critical update to patch at least two security holes in its PDF Reader and Acrobat software, including one flaw that was publicly disclosed earlier this month.

    Updates are available for Windows, Mac and UNIX versions of Reader and Acrobat. The newest version is v. 9.4.1. If you use either of these products, take a moment to update them by clicking “Help,” then “Check for Updates.” Direct links to the new versions also are available in the Adobe advisory for this update. Note that this is not the sandboxed version (Adobe Reader X, or v 10.0) which is expected to be released at the end of this month.

    Separately, the company is warning users not to fall for recent phishing and other e-mail scams targeted at Adobe customers looking for the Adobe Acrobat X, a new product being released this week. “Many of these emails require recipients to register and/or provide personal information. Please be aware that these emails have not been sent by Adobe or on Adobe’s behalf,” Adobe said.

    Time to Patch30 Comments
    5
    Oct 10

    Reader, Acrobat Patches Plug 23 Security Holes

    A new security update from Adobe plugs at least 23 security holes in its PDF Reader and Acrobat software, including two vulnerabilities that attackers are actively exploiting to break into computers.

    Adobe is urging Reader and Acrobat users of versions 9.3.4 and earlier for Windows, Mac and UNIX systems to upgrade to version 9.4 (Adobe says those who can’t upgrade to the 9.x version should instead apply the version 8.2.5 update).

    Adobe says one of the 23 flaws fixed by this new version is being actively exploited. A second zero-day flaw corrected by today’s update — a critical vulnerability in Adobe Flash player that the company fixed in a separate update last month for the stand-alone Flash player — also exists in Adobe Acrobat and Reader, although Adobe says it is not aware of any attacks exploiting this flaw in those products yet.

    Continue reading →

    Time to Patch29 Comments
    29
    Jun 10

    Security Updates for Adobe Acrobat, Reader

    Adobe Systems Inc. is urging users to update installations of Adobe Reader and Acrobat to fix a critical flaw that attackers have been exploiting to break into vulnerable systems.

    The update brings Adobe Acrobat and Reader to version 9.3.3 (another update for the older 8.2 line of both products brings the latest version to v. 8.2.3). Patches are available for Windows, Mac, Linux and Solaris versions of these programs. Adobe’s advisory for this update is here, and the Reader update is available from this link — or by opening the program and clicking “Help” and “Check for Updates.” If you download the update from the Adobe Reader homepage, you’ll end up with a bunch of other stuff you probably don’t want (see below, after the jump for more on this).

    If you use Adobe Reader or Acrobat, please take a moment to update this software. Users may also want to consider switching to other free PDF readers that are perhaps less of a target for malicious hackers, such as Foxit Reader, Nitro PDF Reader, and Sumatra.

    Continue reading →

    Time to Patch24 Comments
    17
    Feb 10

    Security Updates for Adobe Reader, Acrobat

    Adobe is urging users of its PDF Reader and Acrobat software to install an update that fixes a couple of critical security holes in the products. The patches come amid news that booby-trapped PDF files were responsible for roughly 80 percent of the exploits detected in the 4th quarter of 2009.

    The latest update brings Adobe Reader to version 9.3.1, and fixes a pair of vulnerabilities that Adobe has labeled “critical,” which means the flaws could be used to install malicious software on vulnerable systems. Updates are available for Windows, Mac and Linux versions.

    Continue reading →