PDF

Security beefed up in new Adobe Reader, Acrobat

By

Adobe has advanced its sandbox technologies in the latest Reader and Acrobat editions to deter against data theft. It's also added a number of other security features.

2012 Olympics malware already circulating

By

Researchers at security firm F-Secure said this week they have spotted a malicious PDF making the rounds that opens a legitimate copy of the Games' schedule, but in the background it tries to connect to a malicious website.

Adobe Reader attacks continue two years after patch

By

JavaScript-based attacks taking advantage of an Adobe Reader and Acrobat vulnerability patched in 2010 are continuing in waves, Symantec researchers said this week.

Adobe patches Reader bugs, releases new JavaScript feature

By

Adobe joined Microsoft with software updates on Tuesday for Reader and Acrobat. In addition, the PDF software company released a new capability that allows JavaScript to run based on document trust.

Out-of-band fix for Adobe Reader security issue coming Friday

By

An out-of-cycle patch is coming to fix a flaw in Adobe Reader and Acrobat 9 for Windows.

Lockheed Martin hit, but not breached, with Adobe zero-day

By

Defense contractors appear to be the prime target of sophisticated malware that attempts to take advantage of an unpatched flaw in Adobe Reader and Acrobat software.

Adobe to issue emergency fix for Reader security bug

By

Adobe warned Tuesday of an unpatched vulnerability in its Reader and Acrobat software after catching wind of active exploits by cybercriminals.

Mac trojan spreads under guise of PDF document

By

Malware writers are borrowing a page from the Windows attack handbook with the latest Mac OS X threat.

Microsoft, Adobe release scheduled security patches

By

Microsoft released five important bulletins addressing 15 flaws, along with an update revoking six more DigiNotar certificates, while Adobe issued critical updates for Reader and Acrobat.

Microsoft, Adobe announce forthcoming patches

By

Microsoft is readying five "important" security bulletins for Windows and Office, while Adobe plans to release critical updates for Reader and Acrobat.

Apple delivers iOS patch for jailbreak flaw

By

Apple on Friday issued an update for its iOS mobile operating system, addressing a security flaw being used to jailbreak iPad, iPhone and iPod Touch devices.

Adobe fixes Reader, Acrobat issues early

By

Adobe has sped up the planned release of updates to its Reader and Acrobat software, good news for customers now that reports of public exploits have emerged. The updates, released Thursday but not expected until next week, shore up two critical vulnerabilities, one of which has been leveraged in in-the-wild attacks, according to a revised bulletin. Reader X for Mac and Acrobat X for Windows and Mac received updates, as did Reader/Acrobat 9.4.3 for Windows and Mac. Reader X for Windows won't receive a new version until June 14, a scheduled quarterly update, because the "Protected Mode" capability prevents against exploit. The flaw being used in attacks also was present in Flash Player, but that software was patched last week.

Adobe to fix zero-day Flash vulnerability this week

By

Adobe is set to release an emergency update on Friday to its Flash Player for Windows, Mac, Linux and Solaris, shoring up a zero-day vulnerability disclosed earlier this week. Users of Flash for Google Chrome will receive the update on Thursday via the browser's auto-update mechanism. Attackers are actively exploiting the flaw under the guise of a legitimate Microsoft Word document, Adobe has warned. The company expects to provide an update no later than the week of April 25 for Adobe Acrobat X and earlier for Windows and Mac, Adobe Reader X for Mac and Adobe Reader 9.4.3 and earlier for Windows and Mac. Adobe Reader X for Windows is expected to be updated with the next quarterly release, scheduled for June 14.

Adobe advises of Flash flaw exploited via Excel docs

By

Adobe on Monday warned of a "critical" zero-day vulnerability in Flash Player that attackers currently are exploiting through Microsoft Excel files.

Unwitting accomplices and complicit security teams

Unwitting accomplices and complicit security teams

End-users may be the weakest link, but technology exists to take security out of their hands.

Adobe issues slew of patches for its software

By

Adobe on Tuesday released its quarterly security update, fixing dozens of vulnerabilities, including 29 flaws in its popular PDF viewing software Reader and Acrobat and 13 in Flash Player.

Adobe to release Reader, Acrobat updates

By

Adobe next week plans to release updates for its Reader and Acrobat software to fix critical security issues, the company said in a notification security advisory issued Thursday. Updates will be available for Reader and Acrobat X (10.0) for Windows and Mac; Acrobat 9.4.1 and earlier versions for Windows and Mac and Reader 9.4.1. and earlier versions for Windows, Mac and Unix. Updates for Windows and Mac are scheduled to be released on Tuesday, while Unix users will have to wait until Feb. 28 for a fix. - AM

Adobe X released with new sandboxing feature

By

Adobe X, the latest version of Adobe Reader, was released on Thursday and includes a new security feature designed to mitigate attacks against the popular PDF software. The new capability, called "Protected Mode," will force operations that display PDF files to the user to be run inside a confined environment, known as a sandbox, in which certain functions are prohibited. The functionality will help prevent attackers from writing files or installing malware on a victim's computer, Brad Arkin, senior director of product security and privacy at Adobe, wrote in a blog post Thursday. The capability is similar to technologies used in the Google Chrome web browser and Microsoft Office 2010, Arkin said. - AM

Adobe to issue emergency updates for Reader, Acrobat

By

Adobe this week plans to issue an emergency security update for Adobe Reader and Acrobat to fix a number of critical flaws, including a zero-day vulnerability that is being exploited in the wild.

Adobe investigating DoS "issue" in Reader

By

Adobe is investigating a "potential issue" in Reader that could permit the launch of denial-of-service attacks against affected computers, the company said Thursday.

Adobe reveals new flaw affecting Flash and Reader

By

A "critical" zero-day vulnerability affecting Adobe Flash Player, Reader and Acrobat is being exploited in the wild, Adobe warned on Thursday.

Microsoft warns of "unprecedented" Java exploitation

By

The number of attacks on vulnerable Java code spiked during the third quarter of the year and have reached "unprecedented" levels, a Microsoft malware expert said on Monday.

Adobe X to include new sandboxing security feature

By

The next major version of Adobe Reader, Adobe X, slated to be released next month, will include a new security feature designed to mitigate attacks against the popular PDF software, Adobe announced on Monday. The new capability, called "Protected Mode," will force all operations that display PDF files to the user to be run inside a highly confined environment, known as a sandbox, in which certain functions are prohibited. The new functionality will help prevent attackers from being able to write files, change registry keys or install malware on an individual's computer, Adobe has said. Malicious code inside PDF files will be contained inside the Reader sandbox, instead of being installed on a user's system. — AM

New Reader, Acrobat from Adobe fixed for 23 flaws

By

Adobe on Tuesday released updated versions of its flagship Reader and Acrobat products to close a whopping 23 vulnerabilities, including two publicly known issues.

Adobe Reader, Acrobat patches coming Tuesday

By

Adobe on Tuesday plans to release updates to its widely deployed Reader and Acrobat software to address a number of flaws, including a pair of known issues, the company announced Thursday.

Adobe updates Flash Player to address critical flaw

By

Adobe issued a security update to address a "critical" vulnerability in Adobe Flash Player that could allow an attacker to take control of a targeted system.

Adobe discloses Flash bug, moves up Reader fixes

By

Adobe on Monday revealed a "critical" vulnerability in Flash Player that can be used by an attacker to take control of a targeted system. The flaw affects Flash versions 10.1.82.76 and earlier for Windows, Macintosh, Linux, Solaris and Android, according to an advisory. The same bug also impacts Adobe Reader 9.3.4 for Windows, Mac and Linux and Acrobat 9.3.4 for Windows and Mac. Adobe is not aware of any public exploits, although there have been reports of them. A fix is scheduled for Sept. 27. Also on Monday, Adobe announced it plans to fast-track its planned quarterly Reader and Acrobat patches by one week, to the week of Oct. 4. The decision comes days after Adobe disclosed a dangerous zero-day vulnerability that is being leveraged in active attacks. — DK

Adobe grapples with new Reader, Acrobat zero-day

By

Adobe on Wednesday confirmed a dangerous Reader and Acrobat vulnerability, which is being exploited in the wild.

IBM report shows new flaws skyrocket in first half of year

By

IBM X-Force's mid-year threat report examined trends in vulnerability disclosures, techniques used to foist malware and risks to virtual environments, plus much more.

Adobe issues emergency patch for Reader, Acrobat

By

Adobe on Thursday issued an emergency fix for Reader and Acrobat to address a "critical flaw," first disclosed at the Black Hat conference in Las Vegas, that could allow an attacker to compromise a user's system.

Sign up to our newsletters

POLL