Apple, Adobe patch critical bugs
- — 21 September, 2010 06:22
Adobe Systems and Apple released security updates Monday, including a critical Adobe Flash Player fix for a flaw that had been used in cyberattacks.
The Adobe update is the most critical, because it fixes a flaw that has reportedly been seen in online attacks. Adobe rushed out its fix a week ahead of schedule, presumably because of concerns over the attacks.
Adobe said Monday that it had received reports of the bug being leveraged by hackers to attack Adobe Flash Player on Windows systems. This could be a big problem, because Flash Player is installed on most PCs and the flaw can be exploited to install malicious software on a victim's computer.
Symantec said Monday that it has seen a very limited number of attacks that leverage the bugs.
The FlashPlayer attacks are happening on the Web, but because Reader and Acrobat also use Flash, hackers could hit victims by tricking them into opening maliciously encoded PDFs. Adobe hasn't heard of any PDF-based attacks, though.
Adobe's update is for all supported operating systems.
Reader and Acrobat are set to be patched the week of 4 October.
Apple fixed a MacOS bug in the Apple File Protocol (AFP) that could give hackers access to files on the Mac even without the required password. "A remote attacker with knowledge of an account name on a target system may bypass the password validation and access AFP shared folders," Apple said in its security advisory.
The Apple bug does not affect systems prior to Mac OS X v10.6, Apple said.