Adobe continues to be dogged by the vulnerability of some of its leading programs, including its own Download Manager program that was recently cited by Israeli security researcher Aviv Raff, as a serious security issue.
In late February, Adobe updated its security update on what it termed the "critical" vulnerability in Adobe Reader 9.3 for Windows and Macintosh, as well as Adobe Reader 8.2 and Acrobat 8.2 for Windows and Macintosh. (The full security update is here.)
As noted on the CSOonline.com site, Brad Arkin, director of product security and privacy at Adobe System, spent a significant amount of time updating Adobe customers on these issues, at the recent RSA security conference.
While Arkin notes in the interview that Adobe is trying to achieve transparency, the latest fix last Tuesday in regard to its Download Manager program does not inspire confidence. For Aviv Raff's part, his response to Adobe's security release and statement on the Download Manager vulnerability that he as well as Dutch researcher Yorick Koster discovered was to note the company was reticent in his opinion to fully admit the design flaw.
Raff notes on his blog post, "I think they missed the whole point here. While it is true that Adobe Download manager is removed upon computer restart, the user, who has just updated their Adobe product (usually without requirement to restart the computer after the update), is still expose to forced automatic installation when they start their computer."
Raff also stated on his blog that he's already found another remote code execution flaw in the Adobe Download Manager, through which "an attacker can force an automatic download and installation of any executable he desires."
For its part, Adobe has not responded to Raff's newly found code execution flaw, and is still maintaining that the vulnerability has been addressed.
It's the end of the financial year and some lucky souls are expecting a tax return. Whether or not the dollars are stacking up for you, it's worth keeping in mind this new PDF tool from Squawkfox.
OK, so you want to stamp your document. Maybe you need to give reviewers some advice about the document's status or sensitivity. This tip from author Ted Padova demonstrates how to add stamps with the Stamp Tool along with related comments.
Generate more, higher-quality sales leads from your PDF marketing content. Docmetrics is a web-based system that lets you capture previously unavailable reader data. Free trial.
