Bangalore:Adobe Systems, web media browser plug-in, proceeds for security updates of several vulnerabilities which include 29 in PDF viewing software Reader X, Acrobat and 13 in Flash Player. Flash Player vulnerability includes memory corruption or denial of service errors that could be exploited by an attacker to gain access to a machine and execution of code. Reader X had vulnerabilities that could cause the application to crash and potentially allow an attacker to take control of the affected system. The risk for Adobe Reader X users is significantly lower, because none of the security issues patched in this update can bypass this new capability, which forces operations that display PDF files to the user to be run inside a confined environment, known as a 'sandbox' in which certain functions are prohibited, says Adobe. The update affects Adobe Reader X running on Windows and Macintosh, Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat X and earlier versions for Windows and Macintosh. Several flaws were reported through VeriSign's iDefense Labs, including one flaw, which was among others that could be used in drive-by attacks. An attacker can inject unknown code in a web page to defer the error and gain the same benefits as the user. Along with these updates Adobe also issued updates of about five flaws affecting ColdFusion, a web application development platform and 21 flaws in Shockwave Player that allows users to have quality web content available to be viewed. ttp://www.sciencedaily.com/releases/2010/06/10062208135 |
No comments:
Post a Comment