QUOTE
Title: Adobe Acrobat Reader Remote Code Execution Vulnerability
Severity: HIGH
Description: Adobe Acrobat Reader is prone to a remote code-execution vulnerability when handling specially malformed PDF files.
Successful exploits may allow an attacker to execute arbitrary code in the context of a user running the affected application. Failed attempts will likely result in denial-of-service conditions.
Severity: HIGH
Description: Adobe Acrobat Reader is prone to a remote code-execution vulnerability when handling specially malformed PDF files.
Successful exploits may allow an attacker to execute arbitrary code in the context of a user running the affected application. Failed attempts will likely result in denial-of-service conditions.
Sauce
QUOTE
New versions of Adobe Reader, Acrobat to arrive Tuesday
Dan Kaplan - October 09, 2009
As part of its second-ever quarterly security update, Adobe on Tuesday plans to release new versions of Reader and Acrobat to address a number of flaws, including one that is being exploited in live attacks.
Adobe is set to distribute Reader and Acrobat versions 9.1.3 and 8.1.6 for Windows, Mac and UNIX, and version 7.1.3 for Windows and Mac. The updates, to coincide with Microsoft's monthly patch release, will plug a number of vulnerabilities, including a critical bug present in version 9.1.3 that is being leveraged in targeted but limited in-the-wild attacks.
Dan Kaplan - October 09, 2009
As part of its second-ever quarterly security update, Adobe on Tuesday plans to release new versions of Reader and Acrobat to address a number of flaws, including one that is being exploited in live attacks.
Adobe is set to distribute Reader and Acrobat versions 9.1.3 and 8.1.6 for Windows, Mac and UNIX, and version 7.1.3 for Windows and Mac. The updates, to coincide with Microsoft's monthly patch release, will plug a number of vulnerabilities, including a critical bug present in version 9.1.3 that is being leveraged in targeted but limited in-the-wild attacks.
Sauce
QUOTE
Don't Get Web 2.0wned
A recent attack in which tainted banner ads served up rogue software for visitors of popular sites such as drudgereport.com, lyrics.com and horoscope.com is a stark reminder of the importance of keeping up-to-date on software patches.
According to Web vulnerability scanning firm ScanSafe, between Sept. 19 and 21, tainted ads that tried to foist malicious software cycled through some of the Web's most popular destinations (drudgereport.com receives more a million visitors per day, according to compete.com).
Unlike the attack last week from rogue ads on the New York Times Web site - which heaved bogus anti-virus software onto visitors' systems - this series of bad ads sought to drop a Trojan horse that hijacks the victim's search results, ScanSafe found.
The hostile ads tried to exploit several software vulnerabilities in order to drop the search hijackers onto victim PCs. One was a Microsoft Windows/Internet Explorer vulnerability that Redmond issued a patch to fix in July. The attackers also exploited several flaws in Adobe Reader and Acrobat, infecting systems that were missing the latest updates for those programs, ScanSafe found.
A recent attack in which tainted banner ads served up rogue software for visitors of popular sites such as drudgereport.com, lyrics.com and horoscope.com is a stark reminder of the importance of keeping up-to-date on software patches.
According to Web vulnerability scanning firm ScanSafe, between Sept. 19 and 21, tainted ads that tried to foist malicious software cycled through some of the Web's most popular destinations (drudgereport.com receives more a million visitors per day, according to compete.com).
Unlike the attack last week from rogue ads on the New York Times Web site - which heaved bogus anti-virus software onto visitors' systems - this series of bad ads sought to drop a Trojan horse that hijacks the victim's search results, ScanSafe found.
The hostile ads tried to exploit several software vulnerabilities in order to drop the search hijackers onto victim PCs. One was a Microsoft Windows/Internet Explorer vulnerability that Redmond issued a patch to fix in July. The attackers also exploited several flaws in Adobe Reader and Acrobat, infecting systems that were missing the latest updates for those programs, ScanSafe found.
Sauce
And this is just from the past few days.
So - I would advise people to uninstall (not just don't use) Adobe Acrobat Reader from their PCs and replace it with one of the free, faster, less-bloated, lightweight PDF readers that are available out there like Foxit PDF Reader or the minimalist Sumatra PDF Reader.
Foxit also acts as a Firefox plugin so any PDFs you read online appear within the Firefox window just like Adobe's Acrobat Reader only *much* quicker and more securely.
The more minimalist Sumatra acts like a stand-alone program - you click on an online PDF file, and it will open in a separate Sumatra window.
Also make sure that your Java installation is up-to-date as well as your Flash Player - a lot of malware is coming in through holes in older versions of those programs, too. You can find out what version of Java you're currently using here and Flash Player here.
Of course the key word in the title is "may". Not to mention that the article is from Feb 2009. No problems here. 