Recently, Adobe released updates to Flash Player, Reader and Acrobat to mitigate critical vulnerabilities.
(prHWY.com) March 22, 2011 - Albuquerque, NM, United States - Recently, Adobe issued two security bulletins to patch critical vulnerabilities in Flash Player and in the authplay.dll component that ships with Adobe Reader and Acrobat. Adobe had first warned of the vulnerabilities last week. The latest update mitigates the security flaws. Attackers are reportedly exploiting the vulnerability in Flash Player in the wild by sending Excel files with an embedded .swf file as e-mail attachments to targeted users. Successful exploitation of the flaw could allow a remote attacker to take control of the compromised system. The vulnerability affects Flash Player 10.2.152.33 and prior versions for Windows, Solaris, Macintosh and Linux operating systems. Adobe has recommended that users of these operating systems update Flash Player to 10.2.153.1.
The company has recommended that Chrome users running Flash Player 10.2.154.18 and prior versions upgrade to 10.2.154.25. Android users running 10.1.106.16 and prior versions must upgrade to Flash Player 10.2.156.12. The company has also recommended that Adobe AIR 2.5.1 users upgrade to 2.6 to avoid exploitation of the vulnerability.
The developer has also mitigated a bug in the authplay.dll component distributed with Adobe Reader and Acrobat 10.0.1 and prior 10.x and 9.x versions for Windows and Macintosh operating systems. This vulnerability is also being exploited through e-mail attachments containing Excel files with an embedded .swf file. Users of Adobe Reader X (10.0.1) on Macintosh can update to X (10.0.2). The developer recommends that users running Reader 9.4.2 on Windows and Macintosh upgrade to 9.4.3. Users of Acrobat X (10.0.1) for Windows and Macintosh must update to X (10.0.2), and Acrobat 9.4.2 users to 9.4.3. No update has been released for Reader X for Windows; the developer intends to mitigate the flaw in the next quarterly update. Users of Reader X for Windows may use the Reader's Protected Mode to avoid exploitation of the bug. Users must avoid opening e-mail attachments arriving from unknown or suspicious sources. Employees could be trained to identify and avoid various Internet threats through training sessions, online degree programs and online tutorials.
Usually, security flaws in software products are identified and mitigated by IT professionals qualified in master of security science, penetration testing and other security certifications. In this case, the flaw was first exploited by attackers.
Security vulnerabilities are common in software products. Developers are under constant pressure to release new versions, which mitigate discrepancies identified in previous versions. Adobe products are popular worldwide. Exploiting vulnerabilities in popular products enables attackers to compromise a large number of computer systems. While developers concentrate on product innovation, attackers constantly explore and exploit security lapses. IT professionals are required to keep themselves abreast of the latest threats and evolving technologies through webinars, online university degree and e-learning programs.
EC-Council University is based in Albuquerque, New Mexico and offers a Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT professionals, and military students, amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students not only from the United States, but from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.