Content

Threat of the month: Adobe vulnerabilities

What is it?

A large number of vulnerabilities have been reported in Adobe Reader for all supported platforms. 

How does it work?

The vulnerabilities exist in various libraries and have different causes. One, for example, parses images embedded in PDF files. Another parses BMP images, where the image data is copied into the buffer based on the size of the image stream without performing any boundary checks. This may result in a heap-based buffer overflow, allowing execution of arbitrary code.

Should I be worried?

Adobe Reader X provides an extra layer of defense via the new sandbox feature, but since one of the reported vulnerabilities allows bypassing this feature, all users, regardless of version, should be cautious when opening PDF files.

How can I prevent it?

Adobe released updated versions (10.1.1, 9.4.6, and 8.3.1), which should be installed to address the vulnerabilities.

Source: Carsten Eiram, chief security specialist, Secunia



Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.