Tag Archives: adobe

Time to Patch: Loads of Security Issues in Adobe Reader and Microsoft Windows

Hacker Mateusz Jurczyk from Google’s Project Zero disclosed 15 remote execution vulnerabilities, most of them for Windows and the Adobe Type Manager Font Driver. He  presented his findings at the Recon security conference and aptly named his research “One font vulnerability to rule them all: A story of cross-software ownage, shared codebases and advanced exploitation”.

According to his blog the most serious and interesting security issue he discovered so far was a really reliable BLEND instruction exploit. Jurczyk writes that “the extremely powerful primitive provided by the vulnerability, together with the fact that it affected all supported versions of both Adobe Reader and Microsoft Windows (32-bit) – thus making it possible to create an exploit chain leading to a full system compromise with just a single bug – makes it one of the most interesting security issues I have discovered so far.”

He also shared two videos in which he shows how he successfully exploits the Adobe Reader 11.0.10 using the BLEND vulnerability (CVE-2015-3052), accompanied by sandbox escapes via ATMFD.DLL in the Windows Kernel as well as a “Registry Object” vulnerability on x64 builds (CVE-2015-0090).

Jurczyk reported all of his discoveres to Microsoft and Adobe which fixed the bugs in security bulletins MS15-021 (March), APSB15-10(May) and  MS15-044 (May).

The post Time to Patch: Loads of Security Issues in Adobe Reader and Microsoft Windows appeared first on Avira Blog.

Adobe release critical security patches

Earlier this May, Adobe announced that, on Tuesday 12 May, it will release two vital updates to Adobe Reader and Acrobat that address critical security flaws.

Although Adobe has not yet announced what the issues are, all Adobe users should ensure that they install the update as soon as it becomes available to them.

Keeping your software up to date is one the simplest and most effective ways of keeping your device safe. New bugs and vulnerabilities emerge all the time and developers release updates to mitigate the threats.

For more information on how updating software helps protect your PC, watch the video below from AVG Security Awareness Director Michael McKinnon.

How updating software helps protect your PC

Video

How updating software helps keep you safe

 

 

Security Updates Coming for Adobe Reader, Acrobat

Adobe released pre-notification of security updates coming next week for its Reader and Acrobat products. The updates will address critical vulnerabilities in both products, Adobe said.