News

Adobe patches Reader, Acrobat and Flash

By Tim Conneally | Published November 6, 2008, 10:42 AM

On Tuesday, Adobe Systems Inc. issued patches for a five-month old vulnerability in Reader and Acrobat 8.1.2, and today, six critical patches were released for Flash Player 9.

JavaScript vulnerabilities in older versions of Acrobat and Reader could allow remote code execution if not properly patched. This is the fifth update to Reader this year that addresses JavaScript issues. NCircle security expert Andrew Storms told Computerworld in June that Adobe's repeated JavaScript bugs amounted to an epidemic. "Since JavaScript has been a target for so many years, why hasn't Adobe flushed out these vulnerabilities already?" he questioned.

This morning, Adobe issued critical patches for its ubiquitous Flash Player (v. 9.0.124.0), addressing issues that could lead to DNS rebinding attack, HTML injection, or potential information disclosure. Adobe has a page that tells users which version of Flash they're using, to simplify the security update process.

With all of the patches, Adobe recommends that users upgrade to the latest software versions: Adobe Reader 9, Acrobat 9, and Flash 10.

Comments

View comments by with a score of at least

shellcodes_coder
Nov 7, 2008 - 1:24 AM

Fortunately Vista x64 comes w/o flash :)

Score: 0

|
Post Reply
mjm01010101
Nov 6, 2008 - 5:22 PM

Why javascript is in a document viewer was a question I was asking years ago.

This security problem will never go away, and Adobe will have a nightmare on its hands.

Score: 0

|
Post Reply
sx66gns
Nov 6, 2008 - 3:05 PM

No , Because Flash ten is ****ed.

Score: 0

|
Post Reply

Bing gets geekier with new Wolfram Alpha integration

Microsoft's Bing is now teamed up with Wolfram Alpha for computational search results.

HP to acquire 3Com for $2.7 B in cash, focus on China

A long and uncertain comeback trail comes to an end for the one-time network equipment giant.

Universities reject Kindle DX as a textbook replacement

Two universities running Kindle DX pilot programs have rejected the device.

Snow Leopard and Windows 7 still can't crack the netbook problem

Apple has killed Atom support in OS X 10.6.2 and Windows 7 Starter Edition is stripped of "basic" functionality.

Facebook for iPhone developer goes from Apple supporter to 'I quit!' in 3 months

Fed up with Apple's App Store policies, the developer of Facebook for iPhone has bailed on the iPhone.

Bing vs. Google rematch on video search

After Microsoft folds some old MSN Video features back into Bing, do they add to the search engine's functionality or take away?

New EU telecoms framework mandates user consent before getting cookies

Do you want a cookie? No. Do you want a cookie? No. Do you want a cookie? No. Do you want...Are you annoyed yet? That's a preview of 2011.

The Samsung Intrepid: A nice phone, if you can accept Windows Mobile

Samsung appears to have built solid enough hardware, but it's the software that seems uncomfortable and unintuitive.

A real beta process at work: Mozilla fires up Firefox 3.6 Beta 2

In the clearest sign yet that public input really does help the development process, a flurry of bug detections provoked Mozilla to release Beta 2 of the next Firefox.

Kindle for PC opens in beta, underwhelms

Amazon has opened the beta of Kindle for PC, a companion to the Kindle, but little else.

European ministers approve watered-down 'neutral net' language

The latest provision in the EU's telecoms regulatory framework would let businesses cancel individuals' Internet access, if they go to court first.