The publishing world may finally be facing its “rootkit scandal.” Two independent reports claim that Adobe’s e-book software, “Digital Editions,” logs every document readers add to their local “library,” tracks what happens with those files, and then sends those logs back to the mother-ship, over the Internet, in the clear. In other words, Adobe is not only tracking your reading habits, it’s making it really, really easy for others to do so as well.
Adobe and Microsoft today each independently released security updates to fix critical problems with their products. Adobe issued patches for Adobe Reader/Acrobat, Flash Player and AIR, while Microsoft pushed nine security updates to address at least 37 security holes in Windows and related software.
Microsoft has emitted a new version of EMET – its Enhanced Mitigation Experience Toolkit.
Redmond often recommends deployment of EMET as a frontline defence against attacks, so the release of a new version is noteworthy.
The big two enhancements that Microsoft is talking up the loudest are an improved Attack Surface Reduction (ASR) tool “... configured to block some modules and plug-ins from being loaded by Internet Explorer while navigating to websites belonging to the Internet Zone”.
Adobe Systems released emergency security updates for Flash Player in order to fix a vulnerability that has been exploited in attacks against users since earlier this month.
The attacks were discovered by security researchers from Kaspersky Lab and were launched from a website set up by the Syrian Ministry of Justice to receive complaints about law violations. It’s not clear who was behind the attack, but the site had been compromised in the past by hackers.
Adobe has released a fix for a zero-day vulnerability in Flash Player, which impacts users running Windows, Mac and Linux operating systems.
The company yesterday urged Windows and Mac users to download Flash Player versions 22.214.171.124 and 11.7.700.261 (for those who cannot update to version 12.0). Those running Flash on Linux systems were directed to install version 126.96.36.1996 of the plug-in.