News

Adobe and Apple Address Security Holes

Adobe and Apple rolled out security updates on Tuesday on top of Microsoft's lone patch for PowerPoint.

Adobe identified two "critical vulnerabilities" in Adobe Reader 9.1 and Acrobat 9.1, as well as in earlier versions of those applications. The first vulnerability could crash both applications and potentially allow control of a system by an attacker. The second vulnerability only applies to Adobe Reader running on UNIX.

Adobe describes the details in its patch advisory, but the fixes may seem like déjà vu for some IT pros.

"For the second time this year, users have been left holding the bag for security issues in Adobe products," said Andrew Storms, director of security at nCircle. "In February and again in April of this year, enterprises were trying to mitigate threats from zero-day exploits in the popular Adobe PDF products. The PDF document, once viewed as a safer alternative to the Microsoft Word format, has dropped a few rungs in security credibility."

A researcher from SecurityFocus initially had explained that the exploit existed because of how Adobe implemented JavaScript. Storms added that in both the February and April zero-day issues with Adobe, users were instructed to disable JavaScript to help mitigate the threats.

"While this advice seems plausible for the small office, for the enterprise this task is daunting and comes at the price of reduced functionality," he said.

Meanwhile, Apple Inc. got in the spotlight with a massive patch release. Nearly every popular component seems to be on the slate. The patch includes fixes for Mac OS X, iTunes, iPods, iPhones, QuickTime and the Safari browser. (Safari was hacked in less than five minutes at a recent security conference.)

A fair number of the updates are for open source applications bundled with the Mac operating system. Attackers likely have been using public disclosures of vulnerabilities in open source applications for both OS X and the iPhone to find holes in Apple products, according to Storms.

"This is a real wake up call for everyone that has been touting the Mac OS as more secure than Windows," Storms said. "Who would have thought that OS X was so insecure? Now that Apple has let the security cat out of the bag, users are encouraged to update as soon as possible because exploits will be written very quickly."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

comments powered by Disqus

Featured

  • Xamarin.Forms 5 Preview Ships Ahead of .NET 6 Transition to MAUI

    Microsoft shipped a pre-release version of Xamarin.Forms 5 ahead of a planned transition to MAUI, which will take over beginning with the release of .NET 6 in November 2021.

  • ML.NET Improves Object Detection

    Microsoft improved the object detection capabilities of its ML.NET machine learning framework for .NET developers, adding the ability to train custom models with Model Builder in Visual Studio.

  • More Improvements for VS Code's New Python Language Server

    Microsoft announced more improvements for the new Python language server for Visual Studio Code, Pylance, specializing in rich type information.

  • Death of the Dev Machine?

    Here's a takeaway from this week's Ignite 2020 event: An advanced Azure cloud portends the death of the traditional, high-powered dev machine packed with computing, memory and storage components.

  • COVID-19 Is Ignite 2020's Elephant in the Room: 'Frankly, It Sucks'

    As in all things of our new reality, there was no escaping the drastic changes in routine caused by the COVID-19 pandemic during Microsoft's big Ignite 2020 developer/IT pro conference, this week shifted to an online-only event after drawing tens of thousands of in-person attendees in years past.

Upcoming Events