In association with heise online

14 April 2010, 12:05

Adobe and Oracle close numerous holes in their products

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Adobe Logo Adobe has released security updates 9.3.2 and 8.2.2 for Adobe Reader (Windows, Mac and Unix) and Acrobat (Windows and Mac) to fix 15 security holes. While twelve of the holes have been proven to allow the injection and execution of arbitrary code, the vendor is uncertain about three further holes and has only rated them as Denial-of-Service (DoS) vulnerabilities for the time being.

Manually opening a PDF document is not necessarily required to fall victim to a successful attack. It is usually enough to point a browser with a vulnerable Reader plug-in to a specially crafted web page. No solution has so far been found for the recently disclosed "/launch" vulnerability. The vendor recommends that users disable the option "Allow opening non-PDF file attachments with external applications" under Preferences / Trust Manager.

Due to the large number of security holes fixed, users are advised to install the new versions as soon as possible. All versions of Reader can be downloaded directly (FTP link). Although Adobe say that the new updater can take care of this task automatically, the vendor's current advisory still recommends that users manually initiate the update process. Test will need to reveal whether the new updater operates with a time delay or checks for updates during start-up. In any case, a short test with the updater enabled in Adobe Reader didn't trigger anything for a long period of time.

Oracle Logo Oracle has also dealt a sweeping blow to vulnerabilities in its quarterly Critical Patch Update (CPU). The vendor closes a total of 47 holes in many of its products, among them the database, the business suites, Sun Solaris and the Java System Directory Server. As Oracle has given a critical rating to some of the holes, for instance to the Sun Ray Server vulnerability, administrators should not hesitate to install the updates at their earliest convenience.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit