Adobe patches 13 critical PDF bugs in first quarterly update
Adobe issued its first regularly-scheduled security updates on Tuesday, fixing at least 13 critical flaws reported by outside researchers and secretly patching an unspecified number of bugs found by its own team.
Today's update to Adobe Reader and Adobe Acrobat comes three weeks after the company said it had revamped its security practices, and would root out vulnerabilities in old code, speed up its patching process and release regular security updates for the often-attacked PDF applications.
At the time, Adobe announced it would piggyback its quarterly updates on Microsoft's monthly Patch Tuesday, but declined to set a start date. Last Thursday, however, the same day that Microsoft issued its usual advance notice of impending patches, Adobe did the same.
"This is the first quarterly security update for Adobe Reader and Acrobat...and incorporates the initial output of code hardening efforts," Wendy Poland of Adobe's security team in a brief post to the group's blog Tuesday. "Today's updates also address externally reported issues, as detailed in our Security Bulletin."
Poland said that Adobe wasn't aware of any in-the-wild exploits for the just-patched bugs.
As is its usual practice, Adobe described the 13 vulnerabilities reported by outsiders in terse terms. "This update resolves multiple heap overflow vulnerabilities in the JBIG2 filter that could potentially lead to code execution," Adobe acknowledged in the note accompanying six of the baker's dozen.
Adobe credited 10 researchers or organizations for reporting the Reader/Acrobat vulnerabilities, including the TippingPoint bug bounty program, Apple's security team and Mark Dowd of IBM Internet Security Systems' X-Force, a researcher who frequently roots out Adobe bugs.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
adobe
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
