TAG | Adobe security updates plug critical holes |
|
| by Stephen Withers | |
| Monday, 10 November 2008 | |
|
Updates for older versions of Adobe software arrived last week. Intended for users of older browsers and operating systems that can't run the Flash Player 10, Flash Player 9 update addresses a number of critical security issues including cross-scripting and DNS-related vulnerabilities. While Adobe recommends that users update to Flash Player 10.0.12.36 wherever possible, anyone still running Windows 98 or Me, Mac OS X 10.3 or earlier, or Firefox 1.5 on an operating system other than Solaris is unable to do so - hence the Flash Player 9 update. The rationale behind last week's update for Acrobat 8 and Reader 8 appears similar. While Adobe's recommendation is to move from Acrobat or Reader 8.1.2 and earlier to the current version 9 release, last week's 8.1.3 updates to the two packages provide protection against multiple exploits for those that must stay with 8.x. "Critical vulnerabilities have been identified in Adobe Reader and Acrobat 8.1.2 and earlier versions. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system," said Adobe officials. The 8.1.3 fixes include six flaws that could lead to remote code execution, a denial of service issue, a Unix-only privilege escalation, and a Windows-only problem that could allow Internet Security settings to be changed during a download. Again, Acrobat 8 and Reader 8 are most relevant to users of Windows 98 or Me, Mac OS X 10.3 and earlier, or Linux (the 9.x versions of the Adobe software are not yet available for Linux).
|
Tags
| < Next story in category | Previous story in the category > |
|---|
