Two critical holes closed in Adobe Reader and Acrobat
Adobe has released an out-of-schedule security update 9.3.1 for Adobe Reader and Acrobat to close two critical security holes. Details about one of the holes already became known last week, when Adobe released an update for the Flash Player. A flaw in the processing of cross-domain requests allowed specially crafted Flash code on malicious sites to read the information of another site displayed in a different browser window. As the Reader supports JavaScript and can, in the broadest sense, also act as a web client, it can potentially access content on other pages.
The update also closes a hole discovered by Microsoft that can be exploited to inject and execute malicious code. Users only need to navigate to a specially crafted web page to become victims. That this can be done unintentionally or accidentally was demonstrated by the scareware recently deployed via the German handelsblatt.de, zeit.de and golem.de websites. Specially crafted advertising banners on these sites injected some users' systems with JavaScript code that opened a transparent iFrame which, in turn, directed users to pages containing the Neosploit exploit toolkit. The toolkit then tried to apply various exploits including some that targeted PDF, Java and QuickTime plug-ins.
Users are advised to install the versions available for Windows, Mac OS X and Unix/Linux as soon as possible; this can either be done via the automatic update feature or by manual download:
In addition, version 8.2.1 is available for Windows and Mac OS X users who are unable to update to version 9.x for certain reasons. A study
released by ScanSafe emphasises the importance of installing updates as quickly as possible. According to the study, the highest number of exploits monitored in the last quarter of 2009 targeted holes in PDF applications. ScanSafe analysed several billion web accesses. 80% of attacks exclusively targeted the Reader plug-ins in browsers.
The study also showed that 18% of attacks targeted Flash, which means that attacks on browser holes have now all but stopped. It seems that cross-browser plug-ins make work easy for criminals who no longer need to write browser-specific exploits. However, this would also mean that current tips for surfing the web with allegedly safe, alternative browsers are pointing in the wrong direction. Choosing alternative plug-ins such as the Foxit reader and creating secure configurations would be much more sensible advice.
See also:
- Security updates available for Adobe Reader and Acrobat, security advisory from Adobe.
- Adobe fixes critical vulnerability in Flash, a report from The H.
(crve)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
