Tuesday, February 23, 2010 11:25 AM cmosby

Adobe Releases Out-of-Band Patch for Adobe Reader and Acrobat

img {max-width:650px;width: expression(this.width > 650 ? 650: true);border-style:none; behavior: url(../iepngfix.htc); }
4:08 pm (UTC-7)   |   by Jovi Umawing (Technical Communications)

Since the beginning of the year, Adobe and Microsoft have been under a bad light since most of the most recent attacks notably exploited the two companies’ software vulnerabilities. Adobe Reader and Acrobat, in particular, are currently cybercriminals’ favorite targets. When news that Adobe would be releasing an out-of-band security update to prevent an exploitable hole in certain versions of Adobe Reader and Acrobat, some raised their brows in question while some rolled their eyes and declared that this was the last straw.

According to Adobe’s latest security bulletin, the said critical vulnerability could affect Adobe Reader 9.3 for Macintosh, Windows, and Unix; Adobe Acrobat 9.3 for Macintosh and Windows; and Adobe Reader and Acrobat 8.2 for Macintosh and Windows based on reports from Microsoft and Michael Yong Park. If cybercriminals exploited the said vulnerability, they could make unauthorized cross-domain requests or worse take control of affected systems, similar to the effects of a flaw in Adobe Flash and Adobe AIR Park also spotted days earlier.

According to ZDNet, Adobe insisted that there were no active expoits in the wild targeting the said vulnerability. TrendLabs engineers, on the other hand, have documented a number of noteworthy incidents wherein cybercriminals utilized Adobe Acrobat and Reader vulnerabilities, specifically in the way these software handled JavaScript:

Users of affected versions of Adobe Reader and Acrobat are strongly advised to download the updates in this security bulletin.

Trend Micro™ Smart Protection Network™ protects users from these kinds of attack by blocking user access to malicious sites and domains via the Web reputation service, by preventing spammed messages containing links to malicious sites from even reaching their inboxes via the email reputation service, and by detecting and consequently deleting malicious exploits from their systems via the file reputation service.

Smart Protection Network™ also protects Trend Micro product users via Trend Micro Smart Surfing for Mac and Trend Micro Security for Mac.

Filed under: , , , , ,


No Comments