ID: IRCNE2011091254
Date: 2011-09-17
According to “ESecurityPlanet”, Adobe issued 'Patch Tuesday' update fixing security flaws across its respective product lines as it had promised before.
Adobe is fixing its products for at least 13 different security vulnerabilities, also issued updates on its position relative to the current threat of fraudulent SSL certificates from Certificate Authority DigiNotar.
At the end of August, attackers broke into DigiNotar and began issuing fake SSL certificates for multiple sites including Google. Multiple browser vendors including Mozilla Firefox and Microsoft Internet Explorer have since revoked DigiNotar certificates.
Adobe's Patch Tuesday update now also removes DigiNotar from the list of trusted Certificate Authorities in Adobe Reader and Reader X.
The Adobe Reader and Acrobat Patch Tuesday updates fix multiple critical vulnerabilities in Reader X, Reader 9.4.2 and Acrobat X. The flaws could potentially lead to arbitrary code execution if not patched. At the root cause are buffer, heap and stack overflow vulnerabilities in Adobe's code.
Adobe has taken steps in recent years to improve security. Brad Arkin, senior director of Product Security and Privacy at Adobe, told earlier this year that the Reader X product in general, has improved security by way of a sandbox that protects against multiple types of attacks.
Related Links:
Critical updates for Reader and Acrobat
- 3