Adobe updates Flash, advises on Acrobat
Published: 2009-02-26

Software firm Adobe published on Tuesday an update to close a handful of flaws in its ubiquitous Flash software and posted a list of ways to protect against attacks targeting Acrobat and Reader.

The update for Flash, a widely used multimedia plug-in for Internet browsers that adds more interactivity to Web sites, closes five vulnerabilities in the software, including at least one issue that could allow an attacker to run arbitrary code, according to an Adobe advisory. Adobe also posted a list that included a workaround to block the most recent attacks against a vulnerability in the company's Acrobat document software and its Reader client. The blog post listed security firms that were providing additional protection against the threat.

Adobe underscored that, while current attacks use JavaScript to exploit the vulnerability in Reader and Acrobat, other protections are necessary to defend against potential future attacks.

"Disabling JavaScript provides protection against currently known attacks," Adobe's Product Security Incident Response Team said in the post on its blog. "However, the vulnerability is not in the scripting engine and, therefore, disabling JavaScript does not eliminate all risk."

Because of their ubiquity, Adobe's Acrobat and Flash software have become popular targets of security researchers, who try to find vulnerabilities to help secure software, and online criminals, who try to exploit the vulnerabilities. Last year, for example, Adobe released a software update to shutter a flaw in its Flash software that allowed attackers to overlay user interface elements over a Web page. The attack, known as clickjacking, lets the attacker lead a victim to believe they are performing one action, when they are actually doing something completely different.

Adobe plans to release a software patch on March 11 to close the door on attacks against the flaw in Acrobat and Reader.

If you have tips or insights on this topic, please contact SecurityFocus.

Posted by: Robert Lemos
Copyright 2009, SecurityFocus