As expected, Adobe today released an emergency update that patched a pair of critical vulnerabilities in its popular PDF viewing and editing software.
Adobe ranked both bugs as critical.
Last Thursday Adobe said it would issue a rush patch for Adobe Reader and Adobe Acrobat on Feb. 16; it made good on the promise today by addressing two flaws. One was identical to the cross-domain request vulnerability fixed last week in Flash Player, Adobe's ubiquitous media player, while the second was a vulnerability that attackers could exploit to install malware on a targeted machine.
The bug related to Flash Player, tagged as CVE-2010-0186 in the Common Vulnerabilities and Exposures (CVE) database, cannot be used to inject malicious code into a system, but could be exploited by information thieves in a cross-site scripting style of attack, said Andrew Storms, director of security operations at nCircle Network Security.
http://www.computerworld.com/s/article/9157558/
Adobe ranked both bugs as critical.
Last Thursday Adobe said it would issue a rush patch for Adobe Reader and Adobe Acrobat on Feb. 16; it made good on the promise today by addressing two flaws. One was identical to the cross-domain request vulnerability fixed last week in Flash Player, Adobe's ubiquitous media player, while the second was a vulnerability that attackers could exploit to install malware on a targeted machine.
The bug related to Flash Player, tagged as CVE-2010-0186 in the Common Vulnerabilities and Exposures (CVE) database, cannot be used to inject malicious code into a system, but could be exploited by information thieves in a cross-site scripting style of attack, said Andrew Storms, director of security operations at nCircle Network Security.
http://www.computerworld.com/s/article/9157558/