Adobe and Apple Address Security Holes

Adobe and Apple rolled out security updates on Tuesday on top of Microsoft's lone patch for PowerPoint.

Adobe identified two "critical vulnerabilities" in Adobe Reader 9.1 and Acrobat 9.1, as well as in earlier versions of those applications. The first vulnerability could crash both applications and potentially allow control of a system by an attacker. The second vulnerability only applies to Adobe Reader running on UNIX.

Adobe describes the details in its patch advisory, but the fixes may seem like déjà vu for some IT pros.

"For the second time this year, users have been left holding the bag for security issues in Adobe products," said Andrew Storms, director of security at nCircle. "In February and again in April of this year, enterprises were trying to mitigate threats from zero-day exploits in the popular Adobe PDF products. The PDF document, once viewed as a safer alternative to the Microsoft Word format, has dropped a few rungs in security credibility."

A researcher from SecurityFocus initially had explained that the exploit existed because of how Adobe implemented JavaScript. Storms added that in both the February and April zero-day issues with Adobe, users were instructed to disable JavaScript to help mitigate the threats.

"While this advice seems plausible for the small office, for the enterprise this task is daunting and comes at the price of reduced functionality," he said.

Meanwhile, Apple Inc. got in the spotlight with a massive patch release. Nearly every popular component seems to be on the slate. The patch includes fixes for Mac OS X, iTunes, iPods, iPhones, QuickTime and the Safari browser. (Safari was hacked in less than five minutes at a recent security conference.)

A fair number of the updates are for open source applications bundled with the Mac operating system. Attackers likely have been using public disclosures of vulnerabilities in open source applications for both OS X and the iPhone to find holes in Apple products, according to Storms.

"This is a real wake up call for everyone that has been touting the Mac OS as more secure than Windows," Storms said. "Who would have thought that OS X was so insecure? Now that Apple has let the security cat out of the bag, users are encouraged to update as soon as possible because exploits will be written very quickly."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.


  • Microsoft Ending Azure Container Service Support in 2020

    Microsoft gave notice earlier this month that it will be ending its Azure Container Service on Jan. 31, 2020.

  • Microsoft Releases Surface Diagnostic Toolkit for Business

    Microsoft released a new tool, Surface Diagnostic Toolkit for Business, earlier this month, providing a means for IT pros to find and troubleshoot problems on Microsoft Surface devices.

  • How To Enable Guest Access for Office 365

    While it's possible to give outside users access to certain content in your organization's Office 365 environment, the process of setting them up requires a few extra steps.

  • Microsoft Now Supports OpenSSH in Windows Server 2019

    Microsoft announced on Tuesday that the OpenSSH solution used for remote management is now a supported "Features on Demand" addition in both Windows 10 version 1809 and Windows Server 2019.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.