The promised updates for those who are using the Adobe Reader 9.x and Acrobat 9.x applications on a Microsoft Windows operating system have been released. Adobe had to release the unscheduled updates due to an increased number of cases of hackers exploiting a security weakness in the software which enabled them to hijack the machine, and potentially compromise confidential data.
These updates for the applications aim to prevent hackers from exploiting memory-corruption bugs, which were allowing them to hijack the Windows based machines. When Adobe became aware of the attacks, Adobe’s advisory stated that the security weaknesses were “being actively exploited in limited, targeted attacks in the wild.” It has been well documented that other versions of the applications for other operating systems such as Mac and Unix do possess the same memory corruption bugs. As there have been no instances of the security flaw being exploited on other operating system other than Windows, Adobe have taken the decision to release the patch update with other schedule updates in January.
The attacks have been traced back to as early as November 1st by researchers from antivirus provider Symantec. The hackers initially conducted the attacks by circulating harmful emails which exploited the security weakness and installed the Backdoor. Sykipot. This is a Trojan horse which gives the attacker(s) a back door entry to the compromised computer.
Despite the new updates and previous implementation of other security features such as a security sandbox, it still isn’t easy sailing for Adobe security team. A new vulnerability in the applications has been discovered and is in a remote procedure call (RPC) component. Adobe has yet to comment on how serious they perceive this security flaw to be and so far, they have only revealed that they are “only aware of one instance” of it being used.
Despite the significant security improvements that Adobe have made to their applications over the last year, new vulnerabilities seem to be discovered as previous ones are fixed. There is no doubt that the Adobe security team will keep battling and carry on improving the security of their applications.
