Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    1:58 am (UTC-7)   |    by

    Adobe released some major security updates for its products, particularly Adobe Reader and Acrobat, on all platforms (Win, Mac OS, Linux) and we strongly encourage our readers to install these updates. For details, the Adobe blog is worth reading as well.

    This update is in line with a recent zero-day attack that we also reported earlier this month.

    Adobe PDF was a main target for malware writers during the last months so we are very delighted to see this response from Adobe. We strongly advise users to install these updates as soon as possible.

    Update as of July 3, 2010, 10:27 a.m. (UTC)

    The recent Adobe patch included a fix for the oft-abused /launch vulnerability that when successfully exploited can allow files embedded in .PDF files to be dropped and executed on systems. This feature has now been modified. While the feature was not totally disabled, Adobe has chosen to implement a black list to prevent .EXE files from running on a system by default. (System administrators can choose to re-enable this if they want to.) Details for the fix can be found here.

    However, reports indicate that the current fix does not completely solve the problem, as a proof-of-concept (PoC) code bypassing Adobe’s solution has been released. Adobe has acknowledged this but believes that the current solution still reduces risks of attack.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice