There have been a couple of very important updates to Adobe Reader and QuickTime within the past couple of days.

First, Adobe patched a major vulnerability that could allow code execution in the Adobe Reader, which in turn could lead to the compromise of a PC.

The patch is included in Adobe Reader 8.1.2 update, which apparently fixes at least one known critical issue which could allow malicious .pdf files to be used in code execution attacks.

Secondly, QuickTime 7.4.1 patches a previously discovered vulnerability for a heap buffer overflow condition in QuickTime’s handling of HTTP responses when RTSP (Real Time Streaming Protocol) is enabled, which could lead to malicious code execution.

Advice: Patch now.

One further note: This highlights the fact that it not only your Operating System or Browser that needs to be updated from time-to-time with regards to security vulnerabilities — every piece of “third-party” software installed on your PC will also eventually need to be updated when vulnerabilities are found.

“Fergie”, a.k.a. Paul Ferguson
Internet Security Intelligence
Advanced Threats Research