Thursday, April 19, 2012

Adobe Acrobat Reader marks major security update

Earlier in April, Adobe updated its free Adobe Reader product to versions 10.1.3 and 9.5.1. While the update fixes multiple vulnerabilities, the major change in the newly updated 9.5.1 version is the removal of a bundled Flash Player library file. This library file has been the source of many vulnerabilities in Adobe Reader because the vulnerability patch cycles for Acrobat Reader and Flash are different. This can be seen with version 10.1.3, which actually incorporated three previous Flash Player security updates that had been pushed out over the past three months.

Adobe does plan to remove the bundled Flash Player from Adobe Reader 10.x in the near future, but currently the security sandbox built into the 10.x versions does provide a better level of protection than the previous versions (9.5.1 and below) that did not include the sandbox.

These changes will not affect most users, as the PDF files that they use daily do not contain any Flash interactive content. For those who do use that type of PDF, the 9.5.1 version of Reader will utilize the standalone Flash Player plug-in (usually used for Firefox, Safari or Opera).

You can find more details on the specifics in this Adobe Blog Post.

I highly recommend all users update their Adobe Acrobat Reader by running the Adobe Update utility under the Help menu, or by going directly to Adobe's website to download and install the latest version (10.1.3).

While the above information is primarily targeted at Windows users, Adobe did update the Mac versions of Adobe Reader as well. As this CNET article points out, even the smallest patch to a widely distributed program can protect your system from future infections, since these updates resolve problems that could cause the application to crash and potentially allow an attacker to take control of the affected system.



Source: Computerworld
