Adobe and Apple Address Security Holes

Adobe and Apple rolled out security updates on Tuesday on top of Microsoft's lone patch for PowerPoint.

Adobe identified two "critical vulnerabilities" in Adobe Reader 9.1 and Acrobat 9.1, as well as in earlier versions of those applications. The first vulnerability could crash both applications and potentially allow control of a system by an attacker. The second vulnerability only applies to Adobe Reader running on UNIX.

Adobe describes the details in its patch advisory, but the fixes may seem like déjà vu for some IT pros.

"For the second time this year, users have been left holding the bag for security issues in Adobe products," said Andrew Storms, director of security at nCircle. "In February and again in April of this year, enterprises were trying to mitigate threats from zero-day exploits in the popular Adobe PDF products. The PDF document, once viewed as a safer alternative to the Microsoft Word format, has dropped a few rungs in security credibility."

A researcher from SecurityFocus initially had explained that the exploit existed because of how Adobe implemented JavaScript. Storms added that in both the February and April zero-day issues with Adobe, users were instructed to disable JavaScript to help mitigate the threats.

"While this advice seems plausible for the small office, for the enterprise this task is daunting and comes at the price of reduced functionality," he said.

Meanwhile, Apple Inc. got in the spotlight with a massive patch release. Nearly every popular component seems to be on the slate. The patch includes fixes for Mac OS X, iTunes, iPods, iPhones, QuickTime and the Safari browser. (Safari was hacked in less than five minutes at a recent security conference.)

A fair number of the updates are for open source applications bundled with the Mac operating system. Attackers likely have been using public disclosures of vulnerabilities in open source applications for both OS X and the iPhone to find holes in Apple products, according to Storms.

"This is a real wake up call for everyone that has been touting the Mac OS as more secure than Windows," Storms said. "Who would have thought that OS X was so insecure? Now that Apple has let the security cat out of the bag, users are encouraged to update as soon as possible because exploits will be written very quickly."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.


  • Microsoft Nabs IoT Platform Provider Express Logic

    As part of its plan to invest $5 billion in IoT technologies, Microsoft this week acquired Express Logic, which provides real-time operating systems for industrial embedded and IoT devices.

  • Dealing with Broken Dependencies in SCVMM

    Brien shows you how to resolve some broken, template-related dependencies in Microsoft's System Center Virtual Machine Manager.

  • AzCopy Preview Adds AWS S3 Data Transfer Improvements

    Microsoft announced this week that it has improved the preview version of its AzCopy tool to better handle Amazon Web Services (AWS) S3 data.

  • Microsoft Adding Google G Suite Migration in Exchange Admin Center

    Microsoft's Exchange Admin Center will be getting the ability to move Google G Suite calendar, contacts and e-mail data over to the Office 365 service "in the coming weeks."

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.