Adobe Unveils Another Set of Critical Patches

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

For the second time in one week, Adobe Systems has released a set of critical vulnerability patches.

An Adobe (NASDAQ: ADBE) spokesperson told InternetNews.com that the vendor released six critical patches for Flash Player 9 last Thursday and eight patches for five-month-old vulnerabilities in Adobe Reader and Acrobat 8.1.3 on Tuesday.

Vulnerabilities in Adobe applications are particularly dangerous because they are widely used on the Web, Chris Wysopal, chief technology officer at application security analysis vendor Veracode told InternetNews.com.

Enterprises, which are slow to upgrade, will be hardest hit by these bugs, which target older versions of the Adobe applications, Wysopal said.

The latest versions of Adobe Reader and Acrobat are Version 9; and Adobe released Flash Player 10 in October.

The vulnerabilities in Adobe's applications are all JavaScript bugs. Wysopal said that any application that interprets JavaScript, which Adobe applications do, has a lot of vulnerabilities.

JavaScript has a global object that experts say is the root cause of cross site scripting attacks. Together with SQL injection attacks, it comprises about 60 percent of all Web site attacks.

Other applications, such as browsers, also have JavaScript vulnerabilities, but Adobe is coming under attack because it is a convenient target. Wysopal said hackers are turning their attention to applications from Adobe and other vendors using JavaScript because their traditional targets, browsers, have been hardened over the years.

This article was first published on InternetNews.com. To read the full article, click here.

Submit a Comment

Loading Comments...