Adobe Struggles With Cross-Product Vulnerabilities
Adobe has continued to struggle with cross-product vulnerabilities, in large part due to shared resources and product integration. As a result, with little effort a vulnerability in Reader can be altered to affect Air or Flash. It is clear that Adobe is struggling with the same issue that Microsoft has recently got a handle on, namely risk management across the complete product line. Administrators should consider an Adobe-specific risk and response action plan that spans the complete product line. Think in terms of the "Adobe Risk Trifecta."
Education is the primary tool that can deal with a host of vulnerabilities, especially if the attacks are carried out via user-specific surfaces such as email. Preview.app should be set to handle PDF files, and do not forget to disable auto-opening in Safari. In addition, ClickToFlash or Flashblock are excellent tools to block Flash content. For extreme cases, PDF can be blocked completely at the gateway, or Preview.app can be run within a sandbox. Make sure that systems which are servers do not have any services or applications that are not needed before they become part of a production deployment. Only run and load what meets the requirements.
Adobe has posted a timetable for the Reader update and will most likely update Flash and Air in the coming days. Please visit the reference links for more information.