Software firm Adobe published on Tuesday an update to close a handful of flaws in its ubiquitous Flash software and posted a list of ways to protect against attacks targeting Acrobat and Reader.
The update for Flash, a widely-used multimedia plug-in for Internet browsers that adds more interactivity to Web sites, closes five vulnerabilities in the software, including at least one issue that could allow an attacker to run arbitrary code, according to an Adobe advisory. Adobe also posted a list that included a workaround to block the most recent attacks against a vulnerability in the company's Acrobat document software and its Reader client. The blog post listed security firms that were providing additional protection against the threat.
Because of their ubiquity, Adobe's Acrobat and Flash software have become popular targets of security researchers, who try to find vulnerabilities to help secure software, and online criminals, who try to exploit the vulnerabilities. Last year, for example, Adobe released a software update to shutter a flaw in its Flash software that allowed attackers to overlay user interface elements over a Web page. The attack, known as clickjacking, lets the attacker lead a victim to believe they are performing one action, when they are actually doing something completely different.
Adobe plans to release a software patch on March 11 to close the door on attacks against the flaw in Acrobat and Reader.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos