Adobe Serves Up Critical Patch for Acrobat, Reader
Adobe finally released its cross-platform fixes for zero-day vulnerabilities in its popular Reader and Acrobat applications.
Adobe Systems on Tuesday released a patch for a critical PDF zero-day vulnerability that was causing computers running its ubiquitous Reader and Acrobat applications to shut down and, in some cases, be infiltrated by hackers.
The highly anticipated patch also includes a new update process that, once activated, will keep end users up to date in a much more streamlined and automated way, according to a posting on the Adobe Reader blog.
"This is the first time we've exercised the new updater with 'official' updates, which allows us to test a variety of network configurations encountered on the Internet in order to ensure a robust update experience," Adobe project manager Steve Gottwals wrote in the post. "Over the next few weeks, we will be analyzing the test results and will continue communicating important details with you, including when we expect it to be active for all users, which could be as soon as our next update."
Security software vendors and analysts had previously Adobe's earlier update process was cumbersome and inefficient, often discouraging users to the point that they would simply not apply the new patches -- leaving the applications open to abuse from hackers.
In addition to the new patch and updater process, Adobe (NASDAQ: ADBE) officials are advising users of Adobe Reader 9.2 and Acrobat 9.2 as well as earlier versions for Windows, Macintosh and UNIX to update to Adobe Reader 9.3 and Acrobat 9.3. For user running Adobe and Reader on Windows and Macintosh who cannot update to Reader 9.3, Adobe has provided the Adobe Reader 8.2 update for all platforms.
Adobe officials said it has been shipping a new "beta" updater in a passive state since its quarterly update in October.
Separately, Adobe this week confirmed that its own networks were the subject of "sophisticated and coordinated cyber attacks" in mid-December.
In another posting, Adobe officials said the attacks affected corporate network systems managed by Adobe and 20 other unnamed companies.
Adobe is investigating the source and methods used to carry out the attempted hacks but added that no sensitive data was stolen.
According to security software experts, the popularity of Adobe's publishing and editing applications makes them especially appealing to hackers and phishers looking to install and distribute malware. Because Reader and Acrobat are so common and widely used, most people don't give a second thought to clicking on attachments created with the familiar applications.
Adobe has addressed this PDF zero-day vulnerability before and issued a flurry of patches to safeguard its applications from a variety of security holes.
Larry Barrett is a senior editor at InternetNews.com, the news service of the internet.com network.
January 12, 2010
Microsoft shuts down one significant vulnerability in Windows 2000 SP4, while raising the flag on another old flaw -- this time, in Adobe Flash 6.