Out-of-band patch release from Adobe

Posted by Virus Bulletin on Feb 17, 2010

Unscheduled update released by Adobe.

Adobe has released an unscheduled patch for its Reader and Acrobat programs to address some critical flaws.

The software company's fixes usually follow a quarterly release schedule, and last month saw a bumper crop, so none were expected to be published this month. However, the vulnerabilities in Reader and Acrobat were sufficiently severe to warrant an out-of-cycle update.

The update addresses two critical vulnerabilities, the first of which could be used to subvert the domain sandbox and make unauthorized cross-domain requests, and the second of which could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Users are urged to upgrade to Acrobat version 9.3.1 and Reader version 9.3.1.

Adobe has come under increasing fire for its record on vulnerabilities of late, with many experts predicting an increase in the growth of malware using PDF and Flash exploits over the coming year.

Adobe's security bulletin can be found here. Comment on the release can be found at The Register here.
