Adobe Issues Two Fresh Patches

The first update is for RoboHelp 10 on the Windows operating system, a publishing application that enables users to collaboratively develop HTML 5-based video-enabled websites. This update addresses a memory corruption vulnerability (CVE-2013-5327) that could allow an attacker to run malicious code on the affected system.

The second addresses issues in both Adobe Reader and Acrobat XI (11.0.04) for Windows. The fix addresses a regression that occurred in version 11.0.04, affecting JavaScript security controls. It permitted the launch of JavaScript scheme URIs when viewing a PDF in a browser (CVE-2013-5325).

Adobe Reader and Acrobat X (10.1.8) and earlier versions for Windows are not affected, and neither are versions of Adobe Reader and Acrobat for Macintosh.

Neither vulnerability has known exploits associated with it.

Last week, Adobe revealed that it had been the victim of a massive data breach that resulted in attackers lifting the source code for Adobe’s ColdFusion Web application server, the Acrobat PDF application and Adobe Publisher. Worse, they made off with 2.9 million customer records, including encrypted credit card numbers.

"Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products," said Brad Arkin, Adobe's CSO. He added that the hackers also took customer IDs and encrypted passwords, and card details on 2.9 million Adobe customers, "including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders."

Adobe has contacted the FBI and is working with the LEA on its investigation – but has made no further public statement.
