Posts tagged #vulnerabilities

Adobe Update Available

Adobe has released security updates to address multiple
vulnerabilities that affect the following:
 * Adobe Reader 9.3.1 and earlier
 * Adobe Acrobat 9.3.1 and earlier
 * Adobe Reader 8.2.1 and earlier
 * Adobe Acrobat 8.2.1 and earlier

These vulnerabilities may allow an attacker to execute arbitrary code
or cause a denial-of-service condition.

Please visit Adobe to download and update your product

Critical vulnerabilities have been identified in Adobe Reader 9.3.1 (and earlier versions) for Windows, Macintosh, and UNIX, Adobe Acrobat 9.3.1 (and earlier versions) for Windows and Macintosh, and Adobe Reader 8.2.1 (and earlier versions) and Adobe Acrobat 8.2.1 (and earlier versions) for Windows and Macintosh. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Reader 9.3.1 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3.2. (For Adobe Reader users on Windows and Macintosh, who cannot update to Adobe Reader 9.3.2, Adobe has provided the Adobe Reader 8.2.2 update.) Adobe recommends users of Adobe Acrobat 9.3.1 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.3.2. Adobe recommends users of Acrobat 8.2.1 and earlier versions for Windows and Macintosh update to Acrobat 8.2.2.

Affected software versions

Adobe Reader 9.3.1 and earlier versions for Windows, Macintosh, and UNIX
Adobe Acrobat 9.3.1 and earlier versions for Windows and Macintosh

Solution

Adobe Reader
Users can utilize the product's automatic update feature. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Adobe Reader users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.

Adobe Reader users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh.

Adobe Reader users on UNIX can find the appropriate update here:
ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/9.3.2/.

Adobe Acrobat
Users can utilize the product's automatic update feature. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Acrobat Standard and Pro users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows.

Acrobat Pro Extended users on Windows can also find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows.

Acrobat 3D users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows.

Acrobat Pro users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh.

Severity rating

Adobe categorizes these as critical updates and recommends that users apply the latest updates for their product installations.

Posted on April 13, 2010 by Jonathan Green and tagged Acrobat Adopbe Reader vulnerabilities.

How secure is your Mac?

Security expert Charlie Miller is due to disclose how he found 20 zero day Mac vulnerabilities at next weeks CanSecWest security conference.

Miller will stop short of exposing the actual vulnerabilities.

In a great analogy about PC security, Miller compared the Mac to a remote farmhouse without locks, suggesting that it's still a 'remote' enough platform to not be 'found' but is actually inherently insecure.

The days of safe Mac computing may well be numbered. We all expect the targeting to increase as the Mac's market share increases.

It's only a matter of time, but as long as you remain security conscious, the Mac is still currently the safest platform.

Posted on March 20, 2010 by Jonathan Green and tagged Apple Mac OSX vulnerabilities.

Another Adobe Update (Windows and Mac)

Adobe has released updates for Flash Player with a Tue 16th Feb release of Acrobat and Reader.

As Adobe products seem to be the target of an awful lot of exploits recently, you are urged to update those products as soon as possible.

Remember, we advise you to turn OFF javascript within Reader as a matter of course, which will prevent many vulnerabilities whenever they arise.

There are currently two bulletins:

The first bulletin, APSB10-06, is a security update for Adobe Flash
Player and Adobe AIR that addresses a critical vulnerability.
Exploitation of these vulnerabilities may allow an attacker to make
unauthorized cross-domain requests. The bulletin indicates that the
update also addresses a potential denial-of-service issue.

The second bulletin, APSB10-07, is a security advisory for Adobe
Reader and Acrobat. This shows that Adobe is planning to
release updates for Adobe Reader and Acrobat on February 16, 2010 to
address other critical security issues.

 

Please head here:

http://www.adobe.com/support/security/bulletins/apsb10-06.html

http://www.adobe.com/support/security/bulletins/apsb10-07.html

(both links safe as of time of posting)

Posted on February 13, 2010 by Jonathan Green and tagged Adobe Flash Reader expo=loit vulnerabilities.