Adobe has advanced its sandbox technologies in the latest Reader and Acrobat editions to deter against data theft. It's also added a number of other security features.
Researchers at security firm F-Secure said this week they have spotted a malicious PDF making the rounds that opens a legitimate copy of the Games' schedule, but in the background it tries to connect to a malicious website.
An out-of-cycle patch is coming to fix a flaw in Adobe Reader and Acrobat 9 for Windows.
Defense contractors appear to be the prime target of sophisticated malware that attempts to take advantage of an unpatched flaw in Adobe Reader and Acrobat software.
Adobe warned Tuesday of an unpatched vulnerability in its Reader and Acrobat software after catching wind of active exploits by cybercriminals.
Malware writers are borrowing a page from the Windows attack handbook with the latest Mac OS X threat.
Microsoft released five important bulletins addressing 15 flaws, along with an update revoking six more DigiNotar certificates, while Adobe issued critical updates for Reader and Acrobat.
Microsoft is readying five "important" security bulletins for Windows and Office, while Adobe plans to release critical updates for Reader and Acrobat.
Apple on Friday issued an update for its iOS mobile operating system, addressing a security flaw being used to jailbreak iPad, iPhone and iPod Touch devices.
Adobe has sped up the planned release of updates to its Reader and Acrobat software, good news for customers now that reports of public exploits have emerged. The updates, released Thursday but not expected until next week, shore up two critical vulnerabilities, one of which has been leveraged in in-the-wild attacks, according to a revised bulletin. Reader X for Mac and Acrobat X for Windows and Mac received updates, as did Reader/Acrobat 9.4.3 for Windows and Mac. Reader X for Windows won't receive a new version until June 14, a scheduled quarterly update, because the "Protected Mode" capability prevents against exploit. The flaw being used in attacks also was present in Flash Player, but that software was patched last week.
Adobe is set to release an emergency update on Friday to its Flash Player for Windows, Mac, Linux and Solaris, shoring up a zero-day vulnerability disclosed earlier this week. Users of Flash for Google Chrome will receive the update on Thursday via the browser's auto-update mechanism. Attackers are actively exploiting the flaw under the guise of a legitimate Microsoft Word document, Adobe has warned. The company expects to provide an update no later than the week of April 25 for Adobe Acrobat X and earlier for Windows and Mac, Adobe Reader X for Mac and Adobe Reader 9.4.3 and earlier for Windows and Mac. Adobe Reader X for Windows is expected to be updated with the next quarterly release, scheduled for June 14.
Adobe on Monday warned of a "critical" zero-day vulnerability in Flash Player that attackers currently are exploiting through Microsoft Excel files.
End-users may be the weakest link, but technology exists to take security out of their hands.
Adobe on Tuesday released its quarterly security update, fixing dozens of vulnerabilities, including 29 flaws in its popular PDF viewing software Reader and Acrobat and 13 in Flash Player.
Adobe next week plans to release updates for its Reader and Acrobat software to fix critical security issues, the company said in a notification security advisory issued Thursday. Updates will be available for Reader and Acrobat X (10.0) for Windows and Mac; Acrobat 9.4.1 and earlier versions for Windows and Mac and Reader 9.4.1. and earlier versions for Windows, Mac and Unix. Updates for Windows and Mac are scheduled to be released on Tuesday, while Unix users will have to wait until Feb. 28 for a fix. - AM
Adobe X, the latest version of Adobe Reader, was released on Thursday and includes a new security feature designed to mitigate attacks against the popular PDF software. The new capability, called "Protected Mode," will force operations that display PDF files to the user to be run inside a confined environment, known as a sandbox, in which certain functions are prohibited. The functionality will help prevent attackers from writing files or installing malware on a victim's computer, Brad Arkin, senior director of product security and privacy at Adobe, wrote in a blog post Thursday. The capability is similar to technologies used in the Google Chrome web browser and Microsoft Office 2010, Arkin said. - AM
Adobe this week plans to issue an emergency security update for Adobe Reader and Acrobat to fix a number of critical flaws, including a zero-day vulnerability that is being exploited in the wild.
Adobe is investigating a "potential issue" in Reader that could permit the launch of denial-of-service attacks against affected computers, the company said Thursday.
A "critical" zero-day vulnerability affecting Adobe Flash Player, Reader and Acrobat is being exploited in the wild, Adobe warned on Thursday.
The number of attacks on vulnerable Java code spiked during the third quarter of the year and have reached "unprecedented" levels, a Microsoft malware expert said on Monday.
The next major version of Adobe Reader, Adobe X, slated to be released next month, will include a new security feature designed to mitigate attacks against the popular PDF software, Adobe announced on Monday. The new capability, called "Protected Mode," will force all operations that display PDF files to the user to be run inside a highly confined environment, known as a sandbox, in which certain functions are prohibited. The new functionality will help prevent attackers from being able to write files, change registry keys or install malware on an individual's computer, Adobe has said. Malicious code inside PDF files will be contained inside the Reader sandbox, instead of being installed on a user's system. — AM
Adobe on Tuesday released updated versions of its flagship Reader and Acrobat products to close a whopping 23 vulnerabilities, including two publicly known issues.
Adobe on Tuesday plans to release updates to its widely deployed Reader and Acrobat software to address a number of flaws, including a pair of known issues, the company announced Thursday.
Adobe issued a security update to address a "critical" vulnerability in Adobe Flash Player that could allow an attacker to take control of a targeted system.
Adobe on Monday revealed a "critical" vulnerability in Flash Player that can be used by an attacker to take control of a targeted system. The flaw affects Flash versions 10.1.82.76 and earlier for Windows, Macintosh, Linux, Solaris and Android, according to an advisory. The same bug also impacts Adobe Reader 9.3.4 for Windows, Mac and Linux and Acrobat 9.3.4 for Windows and Mac. Adobe is not aware of any public exploits, although there have been reports of them. A fix is scheduled for Sept. 27. Also on Monday, Adobe announced it plans to fast-track its planned quarterly Reader and Acrobat patches by one week, to the week of Oct. 4. The decision comes days after Adobe disclosed a dangerous zero-day vulnerability that is being leveraged in active attacks. — DK
Adobe on Wednesday confirmed a dangerous Reader and Acrobat vulnerability, which is being exploited in the wild.
IBM X-Force's mid-year threat report examined trends in vulnerability disclosures, techniques used to foist malware and risks to virtual environments, plus much more.
Adobe on Thursday issued an emergency fix for Reader and Acrobat to address a "critical flaw," first disclosed at the Black Hat conference in Las Vegas, that could allow an attacker to compromise a user's system.
SC Magazine Articles
- PCI DSS version 3.2 release extends multifactor authentication requirement
- Over 7M Minecraft mobile credentials exposed after Lifeboat data breach
- New site on dark web offering one-stop ransom services
- Pwnedlist vulnerability exposed 866M accounts
- Turkish fascists claim responsibility for Qatar bank data breach
- DōTERRA breach exposes customer info; including SS, DOB, and addresses
- Federal court bucks trend, rules general liability insurance covers data breach
- The anatomy of a spearphishing scam, or how to steal $100M with a fake email
- Report: Ransomware feeds off poor endpoint security
- Pros examine Mossack Fonseca breach: WordPress plugin, Drupal likely suspects