Tuesday, October 5, 2010

Reader, Acrobat Patches Plug 23 Security Holes

Finally, the active 0-day exploit is being patched. Brian Krebs has the most consumer-friendly write-up on it.

Reader, Acrobat Patches Plug 23 Security Holes — Krebs on Security
A new security update from Adobe plugs at least 23 security holes in its PDF Reader and Acrobat software, including two vulnerabilities that attackers are actively exploiting to break into computers.

Adobe is urging Reader and Acrobat users of versions 9.3.4 and earlier for Windows, Mac and UNIX systems to upgrade to version 9.4 (Adobe says those who can’t upgrade to the 9.x version should instead apply the version 8.2.5 update).

Adobe says one of the 23 flaws fixed by this new version is being actively exploited. A second zero-day flaw corrected by today’s update — a critical vulnerability in Adobe Flash player that the company fixed in a separate update last month for the stand-alone Flash player — also exists in Adobe Acrobat and Reader, although Adobe says it is not aware of any attacks exploiting this flaw in those products yet.
If you use Adobe Reader or Acrobat, please take a moment to update this software. The current version of Reader is available here, and other products and versions are available from this page.

Adobe ships another mega-patch for PDF Reader | ZDNet
Adobe has slapped another band-aid on its heavily targeted PDF Reader/Acrobat product line, warning that hackers are already exploiting some of these vulnerabilities to launch malware attacks.

Adobe updates: http://www.adobe.com/support/security/bulletins/apsb10-21.html
