Adobe Systems Incorporated (NASDAQ:ADBE) is planning to address some of the security vulnerabilities of older versions of Microsoft Office, especially that related to hacker threats.
Last week the software company said that it add a pop-up warning to its Flash Player, that will be triggered when possible threats are detected inside documents created with Office 2007 and earlier versions.
Adobe has issued an emergency fix for Flash to prevent two ongoing malware attacks against the world's most popular Web plug-in.
In an advisory note, Adobe announced the latest release of Flash Player 11.5, which will patch two security zero-day vulnerabilities that are actively being used by hackers and malware writers to spread malware.
Security flaws in Adobe Flash, Reader, and Acrobat could have been the cause of computer crashes recently. The software company announced today that it sent out updates for these three programs, which are meant to patch security vulnerabilities that cause such system crashes.
"These updates address a vulnerability that could cause a crash and potentially allow an attacker to take control of the affected system," the company wrote in a security bulletin today. "Adobe recommends users update their product installations to the latest versions."
Got an older computer and want to do some photo editing but lack the right software? You may be in luck, as Adobe has released the full version of Creative Suite 2 – including Photoshop CS2, InDesign 2 and other software – for free!
Earlier this month, we wrote about an alleged Adobe Reader 0-day security hole discovered by Group IB security researchers that allows an attacker to jump out of the sandbox and execute shellcode with the help of malformed PDF documents. At the time, the code was apparently already selling on the black market for “approximately 30 000 – 50 000 USD.” Adobe told us it was investigating, and the story hasn’t moved forward since, until now.
Earlier this week an allegedly Egyptian hacker calling himself ViruS_HimA hacked into an Adobe serverand stole more than 150,000 emails and encrypted passwords of Adobe employees and customers/partners of the firm including members of the US military, Google, Nasa and the UK government.
To validate his claim, ViruS_HimA published a limited set of records for users with email addresses ending in adobe.com, .mil and .gov.
Adobe said Wednesday it is investigating the release of 230 names, email addresses and encrypted passwords claimed to have been stolen from a company database.
The information was released on Tuesday on Pastebin by a self-proclaimed Egyptian hacker named "ViruS_HimA." The hacker, who claimed the database accessed holds more than 150,000 records, posted links to several websites hosting a text file with 230 records.
There is new vulnerability in Adobe X which helps to execute its own shellcode with help of malformed PDF-documents with specially crafted forms.
The vulnerability is also included in new modified version of "Blackhole Exploit-Kit”, which is used for the distributing the banking Trojans (Zeus, Spyeye, Carberp, Citadel) with the help of exploitation different vulnerabilities in client-side software.
Adobe has posted an update to address vulnerabilities in its Flash Player media platform.
The company said that the update would address flaws in all versions of its online media playing tool, including Flash Player for Android 4.0.
Adobe announced new security features this week for its Reader and Acrobat XI products, including enhanced sandboxing, Force ASLR, PDF whitelisting, and Elliptic Curve Cryptography. In addition to a number of new features enhancing Reader's and Acrobat's PDF-creation capabilities, these security measures add another layer atop previous changes that have improved a once "widely exploited" app over the past two years.
