[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] Adobe Reader, Acrobat updates fix 17 critical holes
From: InfoSec News <alerts () infosecnews ! org>
Date: 2010-06-30 5:25:07
Message-ID: Pine.LNX.4.61.1006300024590.11268 () conundrum ! infosecnews ! org
[Download RAW message or body]
http://news.cnet.com/8301-27080_3-20009190-245.html
By Elinor Mills
InSecurity Complex
CNet News
June 29, 2010
Adobe on Tuesday released updates for Reader and Acrobat that plug 17
critical holes, including one being exploited in the wild to take
control of computers and one that could be used to launch an attack
using social engineering and PDF files.
Adobe warned about the vulnerability being used in attacks, which also
affected Flash Player, in early June and plugged the hole in Flash on
June 10.
Meanwhile, the PDF vulnerability was made public in late March by
security researcher Didier Stevens, who fashioned a proof-of-concept
attack that relied on the "/launch" functionality. Another researcher at
NitroSecurity took advantage of the same flaw to create a
proof-of-concept attack about a week later.
"We added functionality to block any attempts to launch an executable or
other harmful objects by default," Adobe's Steve Gottwals, wrote in a
blog post on Tuesday. "We also altered the way the existing warning
dialog works to thwart the known social engineering attacks."
[...]
_________________________________________________________________
Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada
July 24-29th, offering over 60 training sessions and 11 tracks of Briefings
from security industry elite. To sign up visit http://www.blackhat.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic