Major flaw of Adobe Reader and Acrobat 9.x is patched
By Gina on December 16, 2011 | Vulnerabilities, Adobe, Reader 9.x, security bulletin, vulnerability, patch Tuesday
Adobe released Tuesday patch for vulnerability that was found earlier in Reader and Acrobat 9.x. Attack due to Adobe was aimed towards Reader 9.x using malformed PDF documents that were attached to fictitious emails.
Day after the Adobe discovered vulnerability Symantec security researchers announced that attacks had targeted defense contractors and other individuals. As a result, hackers were hoping to steal confidential information for their malicious intentions.
Later on, Symantec found hints of Chinese involvement because of the code pieces in the simplified Chinese character set and malware's command-and-control server was traced to a Chinese IP address.
However, independent security researcher Brandon Dixon said: "The tool used to create this malicious PDF document has little modularity or sophistication. For this reason alone I have a hard time believing this attack was created by a nation-state government. Instead, I think this was done by a small group of people whose motivation would be to support their government and send data back to them. This sort of behaviour fits the Chinese hacker model and gives a bit more value to the traits identified within the document and dropper."
So, fixed versions of Reader and Acrobat 9.x will be available tomorrow from Adobe's website. Alternately, users will be able to run the programs' integrated update tool or wait for the software to prompt them that a new version is available.
More Vulnerabilities news
Shocking: 9 out of 10 websites still vulnerable to old attacks
Did you know that less than 10% of websites are safe from attacks that have struck the internet in 2009? Back then there was a breakout of Man-in-the-middle (MITH) attacks that included an injection of a malicious code in to the browser but even after 3 years these problems are very sensitive. SSL Pulse reportIt seems that companies live in a bubble as far as IT safety is concerned. A project called SSL Pulse that is monitoring 200. Read more.- Mozilla's decision: Firefox is blocked from running unpatched Java plugins
- Facebook still is a wonderland for cybercriminals
- Microsoft talks about dangerous flaw in a Windows
- 17 high-risk flaws are fixed in Chrome; Google pays $47,500 in bug bounties
- Google bypassed Safari's No Tracking settings
- Research reveals – 4/5 of security threats come from third-party software
- Google Wallet hack revealed
- Denial-of-service flaw is fixed by Oracle
- Firefox 9.0 and four critical flaws fixed
- Adobe Reader targeted again: Acrobat vulnerability
