RSS Alerts

Related Links

Related Stories

  • Learn about document security
    LockLizard investigates the best approaches to document security depending on what clients want to achieve, in its white paper Document Security - a Guide to Securing Your Documents.
  • Adobe follows Microsoft down path of regular security updates
    After a number of security problems with its software that required patching, Adobe has apparently decided it is time for regular security updates.
  • Learn about how to protect data, assets and IP
    With an increasingly complex legislative and regulatory landscape, ensuring compliance can be difficult. Overtis Systems’ white paper ‘Realising Compliance’ shows how its integrated protection solution VigilancePro™2 can make the task easier.
  • Quocirca explains content security in the age of mass storage
    Bob Tarzey, service director with Quocirca, the business research analysis firm and a regular contributor to Infosecurity's Webinar series, has written a feature on the issues relating to content security and how they relate to the modern world of mass storage.
  • More problems with Adobe's security updates revealed
    Hard on the heels of problems with Adobe's security update strategies identified this week, it now seems that the installation software used by Adobe for its Reader and Flash applications has a security flaw.

News

Zero-day Adobe exploit zapped by Finjan

24 July 2009

Finjan, the business internet security specialist, claims its gateway security technology can easily counter a zero-day vulnerability of Adobe Acrobat Reader and Flash Player

According to Finjan, the zero-day vulnerability (CVE-2009-1862) - which is already being exploited in the wild - can be used to download and execute malware onto the victim's PC.

Adobe - which confirmed the exploit earlier this week - has said that it will issue a patch on July 31.

The downside of this, says Finjan, is that this effectively leaves users open to the problem until the patch is issued.

The logical solution, Infosecurity notes, is to switch to using one of the many Adobe PDF-compliant alternative applications until such time as a patch is issued.

For corporates, however, this may not be an option.

Finjan reports that its research team has tested the exploit and found that the company's unified secure web gateway successfully detected and prevented the problem, without the need for an update.

For more information about this zero-day exploit and a snapshot of the actual code as found in-the-wild, Finjan has made an explanatory posting on its blog here.

For details of the flaw on Adobe's site, look here.


 

 

This article is featured in:
Application Security Internet and Network Security Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water