News

Adobe patches Reader, Acrobat and Flash

By Tim Conneally | Published November 6, 2008, 10:42 AM

On Tuesday, Adobe Systems Inc. issued patches for a five-month old vulnerability in Reader and Acrobat 8.1.2, and today, six critical patches were released for Flash Player 9.

JavaScript vulnerabilities in older versions of Acrobat and Reader could allow remote code execution if not properly patched. This is the fifth update to Reader this year that addresses JavaScript issues. NCircle security expert Andrew Storms told Computerworld in June that Adobe's repeated JavaScript bugs amounted to an epidemic. "Since JavaScript has been a target for so many years, why hasn't Adobe flushed out these vulnerabilities already?" he questioned.

This morning, Adobe issued critical patches for its ubiquitous Flash Player (v. 9.0.124.0), addressing issues that could lead to DNS rebinding attack, HTML injection, or potential information disclosure. Adobe has a page that tells users which version of Flash they're using, to simplify the security update process.

With all of the patches, Adobe recommends that users upgrade to the latest software versions: Adobe Reader 9, Acrobat 9, and Flash 10.

Comments

View comments by with a score of at least

shellcodes_coder
Nov 7, 2008 - 1:24 AM

Fortunately Vista x64 comes w/o flash :)

Score: 0

|
Post Reply
mjm01010101
Nov 6, 2008 - 5:22 PM

Why javascript is in a document viewer was a question I was asking years ago.

This security problem will never go away, and Adobe will have a nightmare on its hands.

Score: 0

|
Post Reply
sx66gns
Nov 6, 2008 - 3:05 PM

No , Because Flash ten is ****ed.

Score: 0

|
Post Reply

Latest Firefox 3.6 beta fixes 133 bugs, promises faster page load times

A once-sluggish beta testing process has kicked into overdrive, with astonishing success at finding serious bugs. Will Mozilla be able to fix all the others in time?

Apple invokes DMCA, claims Psystar is 'trafficking in circumvention devices'

In trying to close the book on possibly the last attempt at a Mac clone, Apple cites from its own landmark case...but may actually be misinterpreting it.

The fallacy of Facebook privacy

Carmi Levy | Wide Angle Zoom: If an insurance company learns something interesting about its client through the Internet, is that snooping?

Microsoft 'worked with Apple' for Silverlight on iPhone, says Goldfarb

By not making such a big deal out of trying to stream video to the iPhone, Microsoft got a big deal out of it, revealed the Silverlight product manager.

Confirmed: Office 2010 to ship in June

Two weeks after Microsoft had been expected to draw a clearer roadmap for its principal applications suite, it's finally ready to commit to the end of H1.

New EU antitrust commissioner will oversee Microsoft, Oracle+Sun, Intel issues

As one of Europe's most prominent politicians shifts positions in January, her replacement remains a question mark over technology's biggest issues.

Without its own 'iTablet' yet, is Apple missing the boat?

Steve Jobs is on record as dissing "single-purpose" devices like e-readers. But given their recent popularity, was that a mistake?

Not-so-mobile battery life: Time to force the issue

Carmi Levy | Wide Angle Zoom: If power efficiency is important when you buy a car or even a motorcycle, why shouldn't it matter for a smartphone?

Clicker.com cuts through the Web video chaos

In a world where homemade video and Hollywood movies travel the same pipeline, it's good to have a real search engine to cut through the clutter.

Microsoft's Ray Ozzie: 'Nobody's going to be 100% open'

The mobile apps ecosystems of the world may converge over time, led by apps being ported over across platforms, according to the Chief Software Architect.

A case study in improving software: What Office 2010 can learn from Notion 3

A music composition product gambles with a complete overhaul, in an effort to make headway against two well-known competitors in a tough market.