Adobe yesterday patched 29 vulnerabilities in Reader, it's PDF viewer, and 13 more in Flash, the popular Web media browser plug-in, as part of an even larger quarterly security update.
It was the first time that Adobe patched Reader X, the upgrade it issued last November that includes a "sandbox" anti-exploit technology in the Windows version.
Nearly all the Reader bugs were rated "critical," meaning that they could be exploited by attackers to plant malware on an unpatched system, although for several, Adobe wasn't certain that remote code execution was possible. Two of the 29 could lead to cross-site scripting (XSS) attacks, a common tactic by identity thieves who target browsers.
Hackers could exploit one of the vulnerabilities -- a Windows-only flaw -- to gain additional privileges on a machine.
More: http://www.computerworld.com/s/article/9208819/
............................................................................................
It was the first time that Adobe patched Reader X, the upgrade it issued last November that includes a "sandbox" anti-exploit technology in the Windows version.
Nearly all the Reader bugs were rated "critical," meaning that they could be exploited by attackers to plant malware on an unpatched system, although for several, Adobe wasn't certain that remote code execution was possible. Two of the 29 could lead to cross-site scripting (XSS) attacks, a common tactic by identity thieves who target browsers.
Hackers could exploit one of the vulnerabilities -- a Windows-only flaw -- to gain additional privileges on a machine.
More: http://www.computerworld.com/s/article/9208819/
