Adobe deals with in-app security 'disaster'

January this year could be considered the month of the security flaw in Apple (Month Of Apple Bugs) products, but based on the number of vulnerabilities that appear in Adobe products, this title could be changed to " Month Of Adobe Bugs ".

Six vulnerabilities affecting Reader and Acrobat have been discovered in the past two weeks. One of these two vulnerabilities allows for inter-domain scripting (XSS) attacks, and another set of vulnerabilities allows an attacker to exploit by creating a fake PDF and tricking the user into opening.

The second group of vulnerabilities in Adobe products is equally dangerous, that is, they allow remote attackers to execute malicious code and hijack victim computers. In a warning released on Jan. 9, Adobe said hackers could insert a malicious file into Adobe Reader to exploit the vulnerability.

Adobe classified the vulnerability as "serious" (the highest level of alert); Symantec ranked the vulnerability at 8.3 / 10 points, while Secunia ranked "serious" (danger level 4/5).

Adobe also stated "merit" by Piotr Bania, a Polish security researcher, for discovering an extremely serious buffer overflow in "heap" memory.

Craig Schmugar, a security warning researcher for Avert Labs - McAfee, said the "rain" of flaws in Adobe products shows that hackers are moving away from operating system exploits to platforms. application.

According to Schmugar, due to being used very widely, cross-platform applications are the target of attracting hackers, and this also means that other products like Flash and Shockwave will also become targets. attack.

Meanwhile, Adobe patched the XSS vulnerability, which was discovered last week to allow hackers to launch attacks by inserting malicious Javascript code and web links to PDF files. Adobe ranked this vulnerability "important" - the highest level of warning (3/4 scale).

Adobe also patched an Adobe ColdFusion vulnerability, application server and software development framework for creating dynamic web content.