Adobe has issued a security bulletin announcing security fixes for its Reader and Acrobat software. This follows a recent out-of-band update for Flash just last week. Adobe calls the vulnerability critical, and describes it as follows:
this vulnerability . . . could subvert the domain sandbox and make unauthorized cross-domain requests. In addition, a critical vulnerability . . . has been identified that could cause the application to crash and could potentially allow an attacker to take control of the affected system.
Adobe says it does not know of any attacks exploiting this vulnerability in the wild, but the urgency of this release suggests that is is very dangerous.
At the same time, Computerworld reports that 80% of all exploits come through rogue PDF files. Citing a report from ScanSafe, they quote Mary Landesman, a ScanSafe senior security researcher, who says, “Attackers are choosing PDFs for a reason. It’s not random.” Landesman also says that attackers are using PDFs as a vector for attack because they are successful.
Intego has long pointed out that malware is not limited, as many Mac users think, to viruses alone. This is one reason why Intego’s new VirusBarrier X6 combines standard malware protection with powerful network protection features, allowing the program to stop new types of attacks. While other anti-malware software for Mac is limited to a signature-based approach in detecting malware, VirusBarrier X6 uses combined threat detection techniques to stop all types of attacks.