Adobe blocks vulnerabilities in Reader, Flash Player

Article

Adobe blocks vulnerabilities in Reader, Flash Player

Ron Condon

With a new potential vulnerability announced for Adobe Reader and a new security update to help fix a serious flaw in Adobe Flash Player, last weekend was a busy time for Adobe Systems Inc.

Adobe Reader
The company said it is investigating the publication of a proof-of-concept code demonstrating a denial of service (DoS) attack targeting a zero-day vulnerability in Adobe Reader. The company said it has detected no incidents of the code being used by attackers.

In the meantime, Adobe is recommending users enable the JavaScript Blacklist Framework to prevent attackers from targeting the flaw. The framework was introduced in versions 9.2 and 8.1.7. It allows users to block certain vulnerable APIs without disabling JavaScript altogether.

The framework can be applied to Adobe Reader 9.2 and later, and Adobe Read 8.1.7 and later. Detailed instructions for how to make the changes, for both Windows and Mac systems, are available on the Adobe PSIRT blog.

Adobe Flash Player
Adobe has issued Adobe Flash Player 10.1.102.64, fixing 18 critical vulnerabilities in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris. The vulnerabilities could cause the application to crash and allow an attacker to execute code to take control of an affected system.

A vulnerability in Adobe Flash Player 10.1.95.1 for Android operating systems will be fixed with an update due to be released Nov. 9.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy