MAAS History
Archives
« APPLE-SA-2010-09-20-1 Security Update 2010-006 | Main | APPLE-SA-2010-09-08-1 iOS 4.1 for iPhone and iPod touch »
Tuesday
Sep142010

Adobe Struggles With Cross-Product Vulnerabilities

Adobe has continued to struggle with cross-product vulnerabilities in large part due to shared resources and product integration. So with little effort a vulnerability in Reader can be altered to affect Air or Flash. It is clear that Adobe is struggling with the same issues that Microsoft has recently got a handle on, namely risk managment across the complete product line. Administrators should consider an Adobe specific risk and response action plan that transverses the complete product line. Think in terms of the "Adobe Risk Trifecta."

Education is the primary tool that can deal with a host of vulnerabilities, especially if the attacks are carried out via user specific sufaces such as email. Preview.app should be set to handle PDF files, do not forget to disable auto opening in Safari. In addition Click to Flash or Flash Block are excellent tools to block flash content. For extreme cases PDF can be blocked completely at the gateway or Preview.app can run within a sand-box. Make sure that systems which are servers do not have any services or applications that are not needed before it becomes part of production deployment. Only run and load what meets the requirerments.

 Adobe has posted time table for the Reader update and will most likely update Flash and Air in the coming days. Please visit the reference links for more information. 

PrintView Printer Friendly Version

EmailEmail Article to Friend

References (2)

References allow you to track sources for this article, as well as articles that were written in response to this article.

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.
Member Account Required
You must have a member account on this website in order to post comments. Log in to your account to enable posting.