Adobe fixes undisclosed vulnerabilities in Reader
Adobe released on Wednesday
an update that fixes vulnerabilities in its widely used Reader document viewing
program.
Users are urged to upgrade to version 8.1.2, available
for download on Adobe's Web site.
Adobe has not given out details of the vulnerabilities, even though the company
has a section on its Web site detailing security advisories for Reader.
That could indicate that the vulnerabilities are fairly serious and could result
in a compromised PC, said Thomas Kristensen, chief technical officer for Secunia,
a security vendor in Denmark.
Secunia is performing a binary analysis of the old and new versions of Reader
to figure out the vulnerabilities. However, that analysis takes one to three
days, Kristensen said.
Kristensen said no proof-of-concept code has been seen yet and no attacks have
been reported. But people should be especially cautious of PDFs (Portable Document
Format), the common file type that Reader opens.
"PDFs are generally highly trusted," Kristensen said. "It's
a common format for exchanging information."
Secunia estimates that more than 60 percent of home PC users have the Reader
program, based on data from one of its software products that checks to see
if programs have up-to-date patches. Corporate use of Reader is less, around
30 percent, since many companies use other business applications that can open
PDFs, Kristensen said.
Hackers seized on PDFs last year after the disclosure of a protocol handling
vulnerability involving Windows. The problem allowed them to create malicious
PDF documents that would infect a PC with malicious software if opened.
Adobe officials could not be reached.
IDG News Service
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
