Adobe and Apple Address Security Holes

Adobe and Apple rolled out security updates on Tuesday on top of Microsoft's lone patch for PowerPoint.

Adobe identified two "critical vulnerabilities" in Adobe Reader 9.1 and Acrobat 9.1, as well as in earlier versions of those applications. The first vulnerability could crash both applications and potentially allow an attacker to take control of a system. The second vulnerability applies only to Adobe Reader running on UNIX.

Adobe describes the details in its patch advisory, but the fixes may seem like déjà vu for some IT pros.

"For the second time this year, users have been left holding the bag for security issues in Adobe products," said Andrew Storms, director of security at nCircle. "In February and again in April of this year, enterprises were trying to mitigate threats from zero-day exploits in the popular Adobe PDF products. The PDF document, once viewed as a safer alternative to the Microsoft Word format, has dropped a few rungs in security credibility."

A researcher from SecurityFocus had initially explained that the exploit existed because of how Adobe implemented JavaScript. Storms added that in both the February and April zero-day issues with Adobe, users were instructed to disable JavaScript to help mitigate the threats.

"While this advice seems plausible for the small office, for the enterprise this task is daunting and comes at the price of reduced functionality," he said.

Meanwhile, Apple Inc. got in the spotlight with a massive patch release. Nearly every popular component seems to be on the slate. The patch includes fixes for Mac OS X, iTunes, iPods, iPhones, QuickTime and the Safari browser. (Safari was hacked in less than five minutes at a recent security conference.)

A fair number of the updates are for open source applications bundled with the Mac operating system. Attackers likely have been using public disclosures of vulnerabilities in open source applications for both OS X and the iPhone to find holes in Apple products, according to Storms.

"This is a real wake up call for everyone that has been touting the Mac OS as more secure than Windows," Storms said. "Who would have thought that OS X was so insecure? Now that Apple has let the security cat out of the bag, users are encouraged to update as soon as possible because exploits will be written very quickly."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

