The promised updates for those who are using the Adobe Reader 9.x and Acrobat 9.x applications on a Microsoft Windows operating system have been released. Adobe had to release the unscheduled updates due to an increased number of cases of hackers exploiting a security weakness in the software which enabled them to hijack the machine, and potentially compromise confidential data.

These updates for the applications aim to prevent hackers from exploiting memory-corruption bugs, which were allowing them to hijack the Windows based machines. When Adobe became aware of the attacks, Adobe’s advisory stated that the security weaknesses were “being actively exploited in limited, targeted attacks in the wild.” It has been well documented that other versions of the applications for other operating systems such as Mac and Unix do possess the same memory corruption bugs. As there have been no instances of the security flaw being exploited on other operating system other than Windows, Adobe have taken the decision to release the patch update with other schedule updates in January.

The attacks have been traced back to as early as November 1^st by researchers from antivirus provider Symantec. The hackers initially conducted the attacks by circulating harmful emails which exploited the security weakness and installed the Backdoor. Sykipot. This is a Trojan horse which gives the attacker(s) a back door entry to the compromised computer.

Despite the new updates and previous implementation of other security features such as a security sandbox, it still isn’t easy sailing for Adobe security team. A new vulnerability in the applications has been discovered and is in a remote procedure call (RPC) component. Adobe has yet to comment on how serious they perceive this security flaw to be and so far, they have only revealed that they are “only aware of one instance” of it being used.

Despite the significant security improvements that Adobe have made to their applications over the last year, new vulnerabilities seem to be discovered as previous ones are fixed. There is no doubt that the Adobe security team will keep battling and carry on improving the security of their applications.

Lockheed Martin’s computer incident response team and the Defense Security Information Exchange, who both monitor potential security threats for military contractors and other organisations, have revealed that hackers have been exploiting a weakness in the most recent versions of Adobe Reader and Acrobat applications. Adobe have confirmed this and explained that the security weakness in the applications are allowing hackers to hijack computers which are using Microsoft Windows, putting confidential data at risk of being stolen.

Adobe’s advisory commented on this and stated that the weakness in the applications is “being actively exploited in limited, targeted attacks in the wild.”

So far, hackers have only targeted computers which use the Microsoft Windows operating system and Reader 9.x. However, other versions of these applications are also vulnerable to attack.

Adobe has already taken emergency measures in an attempt to improve the security measures and aim to release an update by the end of next week. These updates will only be for the Reader 9.x and Acrobat 9.x versions.

Adobe is taking its time to release the important updates for other versions and it is expected that they will release updates for Reader X and Acrobat X and other versions that run on the UNIX and OS X operating systems on January 10^th. Brad Arkin, Adobe’s senior director of product security and privacy, has revealed that there is no need to rush with the other updates. He claimed that a security sandbox that has been built into Reader X has thwarted attacks and the versions that have been written for the operating systems, other than Microsoft Windows have not been targeted.

In a blog post, Arkin publicised the reason for staggering the release of the updates. He stated “Focusing this release on just Adobe Reader and Acrobat 9.x for Windows also allows us to ship the update much earlier. We are conscious of the upcoming holidays and are working to get this patch out as soon as possible to allow time to deploy the update before users and staff begin time off. Ultimately the decision comes down to what we can do to best mitigate threats to our customers.”

It is generally considered that Adobe’s efforts to improve the security of its software over the last year have been worthwhile as significant steps forward have been taken. The implementation of the sandbox to the version of Reader is generally seen as one of the most important factors which have helped to improve the security of the software. Another key factor is the speed that the Adobe team responds to security issues that arise and release a patch to make the application more secure.

Despite these improvements, Adobe still have some way to go as some versions of the application are still being targeted and exploited by hackers. It has been recommended that users switch to a version that hasn’t been targeted as much and those who need the software on a Windows operating system should switch to Reader X.