Telstra has revealed the addition of almost one million new mobile services in the six months to December 2011, but Sensis revenues plummeted 24 percent in 12 months.
A vulnerability in Foxit Reader that was disclosed back in May was thought not to be exploitable within Adobe Reader. New research proves otherwise.
Core Security Technologies, a provider of
proactive enterprise security testing solutions, has today issued a
security advisory that discloses a critical vulnerability which has the
potential to impact millions of users, both individuals and businesses,
which rely upon the Adobe Reader PDF-file browsing software.
While investigating the feasibility of
exploiting a vulnerability previously disclosed in Foxit Reader by Dyon
Balding from Secunia Research on May 20th 2008, engineers from CoreLab
(the research arm of Core Security) have discovered that Adobe Reader
is affected by the same bug.
Arguably the world’s most ubiquitous electronic document sharing
application, Adobe Reader is used to view, search, digitally sign,
verify, print, and collaborate on Adobe PDF files. It also, of course,
contains the necessary scripting functionality to enable extended
customization.
The CoreLab engineers found that Adobe Reader was capable of being
exploited to gain access to vulnerable systems using a specially
crafted PDF file containing inevitable malicious JavaScript content.
CoreLabs alerted Adobe to the vulnerability immediately, and both have
been working to coordinate patch creation efforts.
To successfully exploit this vulnerability requires a user to open that
maliciously crafted PDF file which in turn allows the attacker to gain
access to vulnerable systems, assuming the privileges of a user running
Acrobat Reader.
“As with many of today’s ubiquitous client side applications, the sheer
complexity of Adobe Reader creates a broad surface for potential
vulnerabilities and, in this case, Adobe’s inclusion of a fully-fledged
JavaScript engine introduces the same types of implementation bugs
commonly found in such sophisticated client side programs” said Ivan
Arce, CTO at Core Security Technologies.
However, Adobe has issued a security update that addresses the
vulnerable version 8.1.2 of Reader. Adobe Reader version 9, which was
released in June 2008, is not vulnerable to the reported problem.
David Bass
| For the fourth year in a row, IDC has placed content security provider Websense (NASDAQ: WBSN) at the top of the IDC Worldwide Web Security 2011 –…
How to Make Business Discovery Work for Your Business
Business Discovery takes its cues from consumer apps. Like Google, it encourages us- ers to hunt for and explore data without worrying about or even noticing the underly- ing technology. Their entire experience is working within an intuitive interface to get real-time, self-service results with only minimal training. ...more
Try an easy-to-use set of web-enabled
tools for business-class productivity services. Office 365 provides
anywhere-access to email, important documents, contacts, and calendars
on almost any device.
LATEST HEADLINES FROM YOUR IT
