 "Adobe to release critical flaw patches to Reader and Acrobat")
In Prenotification Security Advisory for Adobe Reader and Acrobat - APSB12-16 released by Adobe, it has confirmed that it will release security updates for the Adobe Reader and Acrobat X 10.1.3 and previous versions, for Windows and Macintosh on August 14, 2012. Citing flaws of a critical nature, Adobe has said in the post that the updates would address these flaws. Adobe has listed out the affected software versions:
- Adobe Reader X (10.1.3) and earlier 10.x versions for Windows and Macintosh
- Adobe Reader 9.5.1 and earlier 9.x versions for Windows and Macintosh
- Adobe Acrobat X (10.1.3) and earlier 10.x versions for Windows and Macintosh
- Adobe Acrobat 9.5.1 and earlier 9.x versions for Windows and Macintosh
Adobe to release security update on August 14, 2012
Importantly, the post also includes Adobe’s priority ratings for each of the affected software. Priority Ratings is a guideline to help its customers in managed environments to prioritize Adobe security updates. The company decides the priority rankings based on historical attack patterns for the relevant product, the type of vulnerability, the platform(s) affected, and any potential mitigations that may be in place.
The list gives four of the six items a priority rating of 2. Updates to software with this priority rating fix the vulnerabilities in a product that which has historically been at elevated risk. Adobe adds that there currently are no known exploits to these programmes. Going by previous experience, Adobe do not anticipate exploits are imminent. However, as a best practice, they recommend that administrators install the update soon, that is, within 30 days. The remaining two programmes have a priority rating of 1. This rating indicates that the software contains vulnerabilities that are being targeted, or those that are at a higher risk of being targeted by exploit(s) in the wild for a given product version and platform. The company recommends that administrators install these update too as soon as possible, preferably within 72 hours.
Recently, Adobe released security updates for Adobe Flash Player (11.2.202.233 and earlier versions) for Windows, Macintosh and Linux; Adobe Flash Player (11.1.115.7 and earlier versions) for Android 4.x, 3.x and 2.x. These updates address an object confusion vulnerability (CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system. Reports state that the vulnerability has being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered by an e-mail message. The exploit targets Flash Player on Internet Explorer for Windows only.
Apple approved an Adobe Reader app for iOS last year . Adobe had ported over the software experience of its Reader programme via an app for iPhone, iPod Touch and iPad users, allowing iOS users to view, access, interact with, share, and print PDF files wirelessly (with AirPrint) from their iPhones, iPod Touch and iPads.
 "Israel targets top Hamas leaders in Doha; Qatar, Iran condemn strike as violation of sovereignty")
 "Nepal: Oli to continue until new PM is sworn in, nation on edge as all branches of govt torched")
 "Who is CP Radhakrishnan, India's next vice-president?")
 "Israel informed US ahead of strikes on Hamas leaders in Doha, says White House")
 "Israel targets top Hamas leaders in Doha; Qatar, Iran condemn strike as violation of sovereignty")
 "Nepal: Oli to continue until new PM is sworn in, nation on edge as all branches of govt torched")
 "Who is CP Radhakrishnan, India's next vice-president?")
 "Israel informed US ahead of strikes on Hamas leaders in Doha, says White House")
