Adobe Systems on Jan. 7 issued a fix for two security vulnerabilities affecting its Illustrator CS4 and CS3 software.
The patch is actually a day ahead of the company’s self-imposed deadline. The fix addresses critical buffer overflow vulnerabilities impacting Adobe Illustrator CS4 (14.0.0) and CS3 (13.0.3 and earlier) on Windows and Mac operating systems. According to Adobe, the vulnerabilities could lead to arbitrary code execution.
Proof-of-concept code targeting one of the vulnerabilities, CVE-2009-4195, surfaced in December. The fixes come just days before Adobe is expected to push a fix for a zero-day bug affecting Adobe Reader and Acrobat.
For its part, Adobe is well aware that attackers have the company in their crosshairs. In an interview earlier the week of Jan. 4, Adobe security chief Brad Arkin said the company is in the midst of rolling out an automatic updater to push out security patches and would continue to look for ways to tighten its security.
“Given the relative ubiquity and cross-platform reach of many of our products, in particular our clients, Adobe has attracted–and will likely continue to attract–increasing attention from attackers,” said Arkin, Adobe’s director of product security and privacy. “However, Adobe employs industry-leading security software engineering practices and processes in building our products and responding to security issues, and the security of our customers will always be a critical priority for Adobe.”