Adobe Patches Reader, Acrobat Flaws

 
 
By Brian Prince  |  Posted 2010-02-17 Print this article Print
 
 
 
 
 
 
 

Adobe Systems has issued an out-of-band security update to patch two critical vulnerabilities in Adobe PDF and Reader.

The update fixes a critical vulnerability in Adobe Reader and Acrobat versions 9.3 and 8.2 for Windows, Mac and Unix users that could be leveraged to subvert the domain sandbox and make unauthorized cross-domain requests. A second vulnerability could be exploited to cause the applications to crash and potentially allow an attacker to take control of a vulnerable system.

The patch appears to be related to an update issued last week for Adobe Flash Player. That update plugged a hole that could also be used to make cross-domain requests, and according to Adobe affected Adobe Flash Player version 10.0.42.34 and earlier.

For more on Adobe's approach to security, read eWEEK's discussion with Brad Arkin, Adobe's director of product security and privacy.

 
 
 
 
del.icio.us | digg.com
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel