DarkFiber Consulting – IT Managed Services

Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat

June 23rd, 2010 . by DarkFiber Consulting

Adobe has released a security advisory to notify users of a vulnerability in Adobe Flash Player, Reader, and Acrobat. Exploitation of this vulnerability may allow an attacker to execute arbitrary code and take control of the affected system. The advisory indicates that Adobe is aware of active exploitation of this vulnerability.

DarkFiber Consulting encourages users and administrators to review Adobe security advisory APSA10-01 and apply any necessary workarounds until a fix is released by the vendor.

DarkFiber Consulting will provide additional information as it becomes available.

Adobe Releases Update for Adobe Reader and Acrobat

January 27th, 2010 . by DarkFiber Consulting

Adobe has released an update for Reader and Acrobat to address multiple vulnerabilities. These vulnerabilities affect Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX and Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review Adobe Security Bulletin APBS10-02 and apply any necessary updates to help mitigate the risks. 

Adobe Releases Security Bulletin for Adobe Reader and Acrobat

October 14th, 2009 . by DarkFiber Consulting

Adobe has republished security bulletin APSB09-015 to address multiple vulnerabilities in Adobe Reader and Acrobat. These vulnerabilities may allow an attacker to execute arbitrary code, escalate local privileges, or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review Adobe security bulletin APSB09-015 and apply any necessary updates. 

Adobe Releases Security Bulletin for Critical Vulnerability

October 14th, 2009 . by DarkFiber Consulting

Adobe has released security bulletin APSB09-15 to alert users of a critical vulnerability in Adobe Reader and Acrobat. Adobe indicates that it has received reports of active exploitation of this vulnerability. Release of an update for this vulnerability is scheduled for Tuesday, October 13.

DarkFiber Consulting encourages users and administrators to take the following actions to help mitigate the risks:

  • Review Adobe Security Bulletin APSB09-15.
  • Disable JavaScript in Adobe Reader and Acrobat. Acrobat JavaScript can be disabled in the General preferences dialog (Edit, Preferences, JavaScript, and un-check “Enable Acrobat JavaScript”).

Adobe Reader, Acrobat and Flash Player Vulnerability

July 30th, 2009 . by DarkFiber Consulting

Adobe has released a security advisory to address a vulnerability in Adobe Reader and Acrobat 9.1.2 and Flash Player 9 and 10. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review the security advisory and implement the following workarounds until a fix is available:

  • Disable Flash in Adobe Reader 9 on Windows platforms by renaming the following files: “%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll” and “%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll”.

Additional information regarding this vulnerability can be found in Technical Cyber Security Alert TA09-204A.

DarkFiber Consulting will provide additional information as it becomes available.

Adobe Releases Security Updates for Adobe Reader and Acrobat

July 2nd, 2009 . by DarkFiber Consulting

Adobe has released security updates to address multiple vulnerabilities that affect versions of Reader and Acrobat up to and including Reader 9.1.1 and Acrobat 9.1.1. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review Adobe Security Bulletin APSB09-07 and apply any necessary updates to help mitigate the risks. Additional information regarding these vulnerabilities can be found in Technical Cyber Security Alert TA09-161A.

Adobe Reader and Acrobat JavaScript Vulnerabilities

May 9th, 2009 . by DarkFiber Consulting

DarkFiber Consulting is aware of public reports of two vulnerabilities affecting Adobe Reader and Acrobat. The JavaScript methods customDictionaryOpen() and getAnnots() do not safely handle specially crafted arguments and can be manipulated to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to disable JavaScript in Adobe Reader to help mitigate the risk:

  1. Open the General Preferences dialog box
  2. From the Edit menu, select Preferences and then choose JavaScript
  3. Un-check Enable Acrobat JavaScript

Additional information regarding these vulnerabilities can be found in the Adobe PSIRT blog entry and in the Vulnerability Notes Database. DarkFiber Consulting will provide additional information as it becomes available.