The zero-day vulnerability affecting the software could have beeen exploited if maliciously-designed TrueType font(s) were embedded into a PDF, allowing memory to be corrupted, according to security advisory provider Secunia.

“These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system,” Adobe posted in its security advisory.

An update for Adobe Flash Player has also been issued for vulnerabilities identified in version 10.1.53.64 and earlier.

“Adobe recommends all users of Adobe Flash Player 10.1.53.64 and earlier versions upgrade to the newest version 10.1.82.76 by downloading it from the Adobe Flash Player Download Center or by installing it via the auto-update mechanism within the product when prompted,” Adobe said.

“For users who cannot update to Flash Player 10.1.82.76, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.280.”

Source: IT Pro

People who downloaded Adobe Reader for Windows from Adobe’s Reader download site or Flash Player for Windows from Adobe’s Flash Player site prior to the release of the security bulletin on Tuesday are vulnerable, the company said.

The issue is resolved for any new downloads of Reader and Flash Player from those sites. Download Manager is a tool that helps users efficiently download files from web servers. It is used one time per session and is deleted when the computer is restarted. However, Adobe recommends users verify that a potentially vulnerable version of the Adobe Download Manager is no longer installed on their machine,” said the security bulletin.

Check to see if you’ve got a vulnerability by seeing whether the C:\Program Files\NOS\ folder and its contents (NOS files) are present on your computer. If they are, Adobe recommends running the ‘services.msc‘ prompt and making sure that ‘getPlus(R) Helper‘ is not in the list of services. If it is, it should be removed.

Source: ZDNet

The patch is designed to address a vulnerability that could allow an attacker to take control of a computer by remotely executing code on it, according to an advisory released on Thursday. It is rated ‘low’ severity for Windows 7, Vista, XP, Server 2003 and Server 2008 operating systems.

Meanwhile, Adobe is scheduled to release a patch for a vulnerability in Adobe Reader and Acrobat on Tuesday that was discovered in mid-December, which is being exploited by attacks in the wild to deliver Trojan horse programs that install backdoor access on computers.

Adobe will also be releasing a beta test version of a new automatic updater for Reader.

Source: ZDNet

Qualys tallied 102 vulnerabilities that were found in Firefox this year, up from 90 last year. The numbers are based on running totals in the National Vulnerability Database.

However, the high number of Firefox vulnerabilities does not necessarily mean the Web browser actually has the most bugs; it just means it has the most reported holes. Because the software is open source, all holes are publicly disclosed, whereas proprietary software makers, like Adobe and Microsoft, typically only publicly disclose holes that were found by researchers outside the company, and not ones discovered internally, Qualys Chief Technology Officer Wolfgang Kandek said late on Wednesday.

Meanwhile, Adobe took the second-place spot from Microsoft this year. The number of vulnerabilities in Adobe programs rose from 14 last year to 45 this year, while those in Microsoft software dropped from 44 to 41, according to Qualys. Internet Explorer, Windows Media Player and Microsoft Office together had 30 vulnerabilities.

In a blog posting late yesterday, Symantec’s Security Response team said it had received a “tip from a source” that there was a potential zero-day vulnerability in the wild affecting Reader and Acrobat.

“We have indeed confirmed the existence of a 0-day vulnerability in these products,” the posting continued. “The PDF file we discovered arrives as an email attachment. The attack attempts to lure email recipients into opening the attachment. When the file is opened, a malicious file is dropped and run on a fully patched system with either Adobe Reader or Acrobat installed. Symantec products detect the file as Trojan.Pidief.H.”

Adobe has since confirmed it has received and is investigating the “reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions”.

None of the programs would open so I trawled the Adobe website for an answer and found a useful Tech Note which offers a number of work-a-rounds. This can be found at:

http://kb2.adobe.com/cps/402/kb402004.html

As it turned out I just rebooted our PC’s and all the CS3 suite programs opened up.

They have remained stable for the last few hours so the problem seems to be solved.

The software maker is announcing Office Live Workspace, a free online tool for viewing, sharing and storing – but not editing – Office documents online. (Microsoft’s existing Office Live efforts will be rebranded as Office Live Small Business.) It’s not quite ready – starting from Monday customers will be able to put in their name to be part of a beta testing program expected to begin later this year.

Still, the effort is a recognition that competition is heating up in the productivity arena, an area that large rivals had basically ceded to Microsoft a few years ago. In addition to Google’s effort, which, as of earlier this month, also includes presentation software, IBM has announced its free Lotus Symphony productivity software, which prompted 100,000 downloads in its first week of availability.

Adobe, meanwhile, on Monday is expected to announce it has acquired Virtual Ubiquity, a start-up that has built a web-based word processor, called “Buzzword”, using Adobe’s Flash and AIR technologies. Adobe is also introducing a service, code-named “Share”, that allows people to share and store documents via the web.

Source: ZDNet

Apple has just revealed details of the UK version of the iPhone, which will be available from 9 November. At an event in London, Apple chief executive Steve Jobs named O2 as the exclusive mobile operator for the iPhone, which will cost £269 in addition to a monthly contract ranging from £35 to £55.

Despite the cost, a poll of more than 700 readers by ZDNet.co.uk’s sister site silicon.com found a third would switch mobile operator just to get their hands on an iPhone. The US version has already sold more than one million handsets in the first 74 days since it launched.

However, when silicon.com asked a 12-strong CIO Jury IT director panel whether they have plans to make the iPhone available to staff in the range of corporate phones they offer, only one said that they would.

Source: ZDNET