Hot on the heels of its Shockwave and Robohelp patches, Adobe has issued a patch for seven critical flaws in its Flash Player, including a zero-day universal cross-site scripting vulnerability.
Google issued a beta release of Chrome for Android earlier today. The browser provides support for modern Web standards and includes a number of compelling features that aren't available in the Android's default browser. One noteworthy Chrome desktop feature that isn't included in the mobile port, however, is the integrated Flash runtime.
Adobe has released beta code for sandboxing its heavily hacked Flash code within Firefox, in a similar fashion to the Chrome security protections added to its Reader software and Google’s Chrome browser.
Adobe is plugging critical security holes in its Adobe Reader X and earlier versions for Windows and Macintosh, and Adobe Acrobat X and earlier versions for Windows and Macintosh, as part of its quarterly patch update.
The update includes fixes for two zero-day flaws – CVE-2011-2462 and CVE-2011-4369 – in Adobe Reader and Acrobat 9.x for Windows patched on Dec. 16. Symantec had noted that CVE-2011-2462 was being actively exploited in email-based attacks against critical infrastructure industries designed to infect computers with the Backdoor.Skyipot virus.
Adobe today said it will release a patch Friday for an older version of the Reader PDF viewer to stymie attacks like those aimed at major defense contractors earlier this month.
Nine days ago, the company confirmed a critical bug in Reader and promised to fix the flaw in Reader and Acrobat 9.x this week.
InteVyDis, a Russian firm specializing in packaging software security exploits, has released a software module that can give a remote computer access to an up-to-date Windows 7 machine running the most recent version of Adobe Flash Player 11.
Attacks exploiting an Adobe Reader zero-day vulnerability appear to have targeted defense contractors and other organizations, according to security researchers.
Adobe issued a security advisory on Dec. 6 warning Adobe Reader and Acrobat users of a critical vulnerability in how the programs accessed PDF files. The flaw was also being exploited in the wild against Adobe Reader 9.x users on Windows, Adobe said.
Adobe is patching a critical zero-day vulnerability in Adobe Reader and Acrobat that could enable an attacker to take control of an affected machine.
The vulnerability exists in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6, and earlier 9.x versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh, Adobe explained in a security advisory.
Software maker Adobe Systems Inc. said Tuesday that it is laying off 750 workers, or 7 percent of its workforce, as it moves to focus on products that help people create digital content and then market it on multiple devices and platforms.
The company also slashed its earnings guidance for the quarter through Dec. 2 to account for a restructuring charge it expects to book in the quarter of $73 million to $78 million, mainly for severance payments.
Adobe Systems is working on a fix for a Flash-related vulnerability that could be used by Web sites to surreptitiously turn on a visitor's microphone or Webcam.
The problem is in the Flash Player Settings Manager on Adobe's servers and not with software on customer computers, Adobe spokeswoman Wiebke Lips told CNET today.
