Adobe released this Tuesday the quarterly package of fixes for its Acrobat and Reader applications, where a vulnerability that has been exploited is addressed.
THE bug, public since mid-December, has been used by hackers since November, between limited attacks targeting specific targets and large-scale campaigns that have affected thousands of users, says the publication Computerworld.
In total, Adobe’s quarterly update package addresses eight vulnerabilities, six of which are considered critical. Security holes are classified with the phrases «may allow arbitrary code to be executed» or «may lead to code execution».
In addition to the corrections, Adobe also launched the beta version of a new update system for its applications, the outlines of which are explained in a post Adobe Reader blog.
Adobe’s fix pack ended up putting Microsoft’s first Patch Tuesday of the year in the background, which included only one security update, designed to fix a single Windows vulnerability – considered «critical» in Windows 2000 and with «low priority» «on Windows XP, Vista on Windows 7, Windows Server 2003 and Server 2008 R2.
If 2009 was not easy for Adobe, 2010 could be worse, at least in the opinion of McAfee, who, in its report «2010 Threat Predictions» points out Flash and Reader as the preferred targets of cybercriminals during this year, ahead of the usually popular applications from Microsoft.