Adobe left the door unlocked
The past week or so has seen two critical security vulnerabilities surface in Adobe’s products. The first, discovered on the 20th February, is a vulnerability in the Adobe Reader software, used for reading PDF files by both home and business users. Currently, a malicious PDF document could run code on a computer, giving an attacker access to the system. This vulnerability is currently ranked ‘Extremely critical’ by Secunia, the industry leader in security warnings.
Adobe Flash Player, another extremely popular and common product, was also found to have several major security issues. The alert for Flash Player was made just five days after Adobe Reader’s. However, this vulnerability is not deemed to be as dangerous, since in order for it to be exploited the user must be physically using the computer. Nevertheless, this could pose a risk in businesses, where a malicious user may exploit the vulnerability and gain access to personal information stored on the computer or network, or even potentially gain privileges on the computer network in order to cause damage to the system or gain further access to sensitive information. Together, these vulnerabilities form a list of four currently unpatched, critical issues which affect Flash Player 9 and 10, Flash CS3 and CS4, as well as Adobe’s relatively new AIR product.
Users are advised not to open PDF files from sources they do not trust. Some also suggest using an alternative, such as Foxit, in place of Adobe’s Reader application. Fixes for the issues are not expected until 11th March.
