Adobe Issues Out-of-Cycle Updates for Acrobat, Reader

Here we go again: On Tuesday, Adobe patched 17 critical vulnerabilities in Reader and Acrobat in an out-of-cycle update, according to Computerworld. Adobe says 16 of the 17 vulnerabilities could lead to remote code execution.

Included in the update is a patch for a PDF attack demonstrated by Didier Stevens. What was unique about the attack is that it did not require an underlying vulnerability to hijack a machine; attackers needed only to trick users into opening the PDF document. Stevens said the issue could not be fixed, but Adobe explains:

We added functionality to block any attempts to launch an executable or other harmful objects by default. We also altered the way the existing warning dialog works to thwart the known social engineering attacks.

The original update was scheduled for July 13. In a blog post, the company says:

Note that the June 29, 2010 updates represent an accelerated release of the next quarterly security update originally scheduled for July 13, 2010. With this accelerated schedule, Adobe will not release additional updates for Adobe Reader and Acrobat on July 13, 2010.

 
