Adobe releases first quarter patches
Adobe releases first quarter patches
By Michael S. Mimoso | Jun 11, 2009
0 comments
Facebook
LinkedIn
Digg
Adobe released its first regularly scheduled set of quarterly security patches today for its Reader and Acrobat products, coinciding with a heavy Patch Tuesday release from Microsoft.
The critical fixes addressed 13 vulnerabilities in Adobe Reader and Acrobat versions 9.1.1 for Windows and Macintosh. The update fixes a stack overflow vulnerability that could be exploited by an attacker to execute code and an integer overflow flaw that could lead to a denial of service condition.
Adobe's update also fixes how Acrobat and Reader handle JBIG2, an image compression format used to convert binary images. The programs contained several memory corruption issues and multiple heap overflow vulnerabilities, according to the Adobe security bulletin.
In addition, the software maker said the "update resolves Adobe internally discovered issues."
Adobe announced on May 20 its intent to regularly release patches every three months. Increasingly, it's Reader and Acrobat products are the target of attacks; research from F-Secure indicates that almost 49% of targeted attacks against file types were against PDFs. That's up from 29% a year ago Yet, despite the ubiquity of the product's installed base and the increasingly high profile nature of attacks against Adobe, research conducted by Qualys indicates the uptake of Adobe patches isn't very high. In fact, Qualys CTO Wolfgang Kandek said 20% of Adobe Reader installations have been patched in the two months between its March and May patch releases.
"I think it's a mindset thing, a visibility thing," Kandek said. "With Microsoft, there is good visibility of its security patches; you're aware it of and know what Patch Tuesday is.
"I think we have to raise the visibility of the Adobe security issue," Kandek said. "Talk to your patch management systems, make sure auto-update is working."
Similar
Add comment
Similar
knowledge_central_tab
