Das PDF-Format wird inzwischen erheblich für Angriffe auf User verwendet, indem kompromittierender Schadcode in die Dateien eingefügt wird. Laut Erhebungen des Anti-Viren Software-Herstellers F-Secure im Sommer des letzten Jahres soll das PDF-Format mittlerweile sogar der Träger Nummer 1 sein, wenn es darum geht Schadcode "an den Mann zu bringen".

Der aktuelle Adobe Reader läuft unter Windows ab Windows 2000 SP4, Mac OS X und Linux/UNIX. Eine schlanke Alternative ist Foxit Reader.

Quelle: F-Secure

Hinweis:

Adobe veröffentlich nur größere Produktaktualisierungen als Setup-Dateien für Windows und OS X. Bei einer Neuinstallation muss so zuerst die Version 9.3 respektive 8.2 installiert und diese dann manuell oder über das Internet aktualisiert werden.

• Adobe Reader 9.3.4 bzw. 8.2.4 beinhalten Sicherheitsverbesserungen, die im Security Bulletin APSB10-17 beschrieben werden:
  
  
  • These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2010-2862).
  • These updates further mitigate a social engineering attack that could lead to code execution (CVE-2010-1240).
  • These updates incorporate the Adobe Flash Player update as noted in Security Bulletin APSB10-16.
• Systemanforderungen

• Adobe Reader 9.3 [Windows]
• Adobe Reader 9.3.4 (Update) [Windows]


• Adobe Reader 9.3 [Mac OS X - Intel]
• Adobe Reader 9.3.4 (Update) [Mac OS X - Intel]


• Adobe Reader 9.3 [Mac OS X - PPC]
• Adobe Reader 9.3.4 (Update) [Mac OS X - PPC]


• Adobe Reader 9.3.4 [Linux]


• Adobe Reader 9.3.4 [Solaris - x86]


• Adobe Reader 8.2 [Windows]
• Adobe Reader 8.2.4 (Update) [Windows]


• Adobe Reader 8.2 [Mac OS X - Intel]
• Adobe Reader 8.2.4 (Update) [Mac OS X - Intel]


• Adobe Reader 8.2 [Mac OS X - PPC]
• Adobe Reader 8.2.4 (Update) [Mac OS X - PPC]


• Weitere Versionen

• Offizielle Internetpräsenz
• Feature Request / Bug Report einsenden

Das Update behebt 15, teils kritische, Sicherheitslücken und viele weitere Fehler. Das PDF-Format wird inzwischen erheblich für Angriffe auf User verwendet, indem kompromittierender Schadcode in die Dateien eingefügt wird. Laut Erhebungen des Anti-Viren Software-Herstellers F-Secure im Sommer des letzten Jahres soll das PDF-Format mittlerweile sogar der Träger Nummer 1 sein, wenn es darum geht Schadcode "an den Mann zu bringen".

Der aktuelle Adobe Reader läuft unter Windows ab Windows 2000 SP4, Mac OS X und Linux/UNIX. Eine schlanke Alternative ist Foxit Reader.

Quelle: F-Secure

Hinweis:

Adobe veröffentlich nur größere Produktaktualisierungen als Setup-Dateien für Windows und OS X. Bei einer Neuinstallation muss so zuerst die Version 9.3 respektive 8.2 installiert und diese dann manuell oder über das Internet aktualisiert werden.

Changelog:

• Adobe Reader 9.3.2 bzw. 8.2.2 beinhalten Sicherheitsverbesserungen, die im Security Bulletin APSB10-09 beschrieben werden:
  
  
  • This update resolves a cross-site scripting vulnerability that could lead to code execution (CVE-2010-0190).
  • This update resolves a prefix protocol handler vulnerability that could lead to code execution (CVE-2010-0191).
  • This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-0192).
  • This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-0193).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0194).
  • This update resolves a font handling vulnerability that could lead to code execution (CVE-2010-0195).
  • This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-0196).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0197).
  • This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0198).
  • This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0199).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0201).
  • This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0202).
  • This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0203).
  • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0204).
  • This update resolves a heap-based overflow vulnerability that could lead to code execution (CVE-2010-1241).
• In dieser Version wurden die folgenden Probleme behoben:
  
  
  • PDF Maker

    2560751: Word document uploaded on the acrobat.com service runs into a timeout situation

  
  
  • Viewer

    2558546: Loading pdf multiple times in same process caused memory leak in windows browsers

  
  
  • Security

    2468381: Watermark visibility remains unchanged for a policy protected document (with watermark) when using it as background or foreground

    2501756: Long term validation data for the OSCP response is not being embedded in the signature at signing time which results in invalid signatures that should be valid.

    2518893: PPKlite plugin crashes when validating digital signatures

  
  
  • 3D

    2460950: Reader in the browser crashes when viewing some PDF files

    2525795: Performance degradation experienced after setting preferences to "Render points as cross-hairs when opening a PDF file

  
  
  • Trust Manager

    2537842: A PDF file trusted for Javascript still shows the Yellow bar and does not execute the javascript

    2537849: When a PDF is added as a privileged location in Enhanced Security, Acrobat deletes the entry 'cAlwaysTrustedForJavaScript' under Key-\TrustManager\cTrustedFolders\

    2558503: Adding a privileged location host from the Options button on the JavaScript injection Yellow Message Bar populates 1/2 of the privileged location keys it should.

    2558529: bDisableTrustedSites and bDisableTrusted folders does not consistently prevent Options button from appearing on Yellow Message Bar for certain workflows.

    2553890: Reader removes the “cAlwaysTrustedForJavaScript” value and places it in the “cUnsafeJavaScript” key with the same value when the same exact web site value is place in the Trusted Hosts UI for Enhanced Security



• Systemanforderungen

• Adobe Reader 9.3 [Windows]
• Adobe Reader 9.3.2 (Update) [Windows]


• Adobe Reader 9.3 [Mac OS X - Intel]
• Adobe Reader 9.3.2 (Update) [Mac OS X - Intel]


• Adobe Reader 9.3 [Mac OS X - PPC]
• Adobe Reader 9.3.2 (Update) [Mac OS X - PPC]


• Adobe Reader 9.3.2 [Linux]


• Adobe Reader 9.3.2 [Solaris - x86]


• Adobe Reader 8.2 [Windows]
• Adobe Reader 8.2.2 (Update) [Windows]


• Adobe Reader 8.2 [Mac OS X - Intel]
• Adobe Reader 8.2.2 (Update) [Mac OS X - Intel]


• Adobe Reader 8.2 [Mac OS X - PPC]
• Adobe Reader 8.2.2 (Update) [Mac OS X - PPC]


• Weitere Versionen

• Offizielle Internetpräsenz
• Feature Request / Bug Report einsenden

» Kommentare

Der aktuelle Adobe Reader läuft unter Windows ab Windows 2000 SP4, Mac OS X und Linux/UNIX. Eine schlanke Alternative ist Foxit Reader.

Quelle: F-Secure

Changelog:

• Adobe Reader 9.3 bzw. 8.2 beinhalten Sicherheitsverbesserungen, die im Security Bulletin APSB10-02 beschrieben werden:
  
  
  • This update resolves a vulnerability in the parsing of JPEG data that could potentially lead to code execution (CVE-2009-3794).
  • This update resolves a data injection vulnerability that could potentially lead to code execution (CVE-2009-3796).
  • This update resolves a memory corruption vulnerability that could potentially lead to code execution (CVE-2009-3797).
  • This update resolves a memory corruption vulnerability that could potentially lead to code execution (CVE-2009-3798 ).
  • This update resolves an integer overflow vulnerability that could potentially lead to code execution (CVE-2009-3799).
  • This update resolves multiple crash vulnerabilities that could potentially lead to code execution (CVE-2009-3800).
  • This update resolves a Windows-only local file name access vulnerability in the Flash Player ActiveX control that could potentially lead to information disclosure (CVE-2009-3951). This updates the previously patched issue, CVE-2008-4820.


• In dieser Version wurden die folgenden Probleme behoben:
  
  
  • PDF Maker

    2478552: Fixed an issue where PDFMaker was loading in Office 2010 with 9.x version of Acrobat.

  
  
  • Viewer

    2485091, 2482589: Fixed a 9.2 Snow Leopard out of memory and crash issue where the progress bar causes extreme performance problems when the progress bar of Acrobat gets refreshed a large number of times during an operation.

    2445056: Fixed a 9.2 issue where closing PDF causing a Firefox crash when multiple profiles have been started. When there are multiple instances of Firefox.exe running with the profile option of –no-remote and user tries to close the instance that has a PDF document opened, the user gets “Memory could not be read” error.

    2481139: Fixed a 9.2 issue where Reader loaded forms in the background but didn’t show the busy cursor.

  
  
  • Web Capture

    2465504: Fixed a 9.2 issue where Web Capture sets check box values as checked by default. HTML tag for Checkbox "value" and State were not getting honored.

  
  
  • Collaboration

    2465483: Fixed a 9.2 issue where a reviewer’s xml gets overwritten and comments are lost after a user exits and opens the PDF again in shared review, the previous comments were deleted.

  
  
  • Accessibility

    2464216: Fixed an Adobe Reader 9.2 issue where it did not trigger the speech synthesizer while clicking on any text fields of the customer PDF form (Jaws 11).

  
  
  • XPS conversion

    2458933: Fixed a 9.1.3 issue where converting XPS file with the XPS2PDF Conversion plug-in yielded an incorrect page layout and missing items in the resulting PDF file.

  
  
  • Security

    2451794: Fixed a 9.1.3 issue where Acrobat did not display the Save As dialog when the user signs the PDF using digital signature; cannot sign using the Microsoft Base CSP.

    2425955: Fixed a 9.1.2 issues where an error encountered while signing: “The Windows Cryptographic Service Provider reported an error. Error code 2148073504” after a number of digital signal signatures have been produced successfully.

  
  
  • 3D

    2460633: Fixed a 9.2 issue where importAnXFDF does not import 3D views properly when the XFDF contains views associated with a 3D annotation.

  
  
  • Annotations

    2451592: Fixed a 9.1.3 issue where no comments can be viewed after saving a document with corrupt annotations. When user does a Save As operation on a PDF with corrupted annotations and then opens other documents in the same Acrobat session, then any annotations on these documents fail to display.

  
  
  • Printing

    2402932: Fixed a 9.1.1 issue where files with large paper sizes are printed blank with the 7500 Xerox driver when "choose paper source as PDF size" and "use custom size when needed" are both on.

    2300251: Fixed a 9.1.1 issue where the output is clipped and printed with wrong orientation when printed using "Use custom paper size when needed" and "Choose Paper Source by PDF page size" as ON.

  
  
  • Forms

    2371660: Fixed a 9.2 issue where when the user invokes web services from within a PDF that are protected using WS Security, the SOAP header in the SOAP request that sent from the server to the PDF doesn't conform to the WSSE specification. Recommended action: No action is required in most cases. If server code was written that checked for the incorrect headers, that code may need to be revisited.

    2445047: Fixed an issue in 9.2 where submitForm causes xml data to be attached as *.tmp when parameter oXML is used and cSubmitAs is set to 'XML'. Customizing the XML data using oXML parameter and then calling submitForm to email the data caused the data to be attached with .tmp attachment rather than .xml attachment. Recommended action: If a server process is receiving and parsing the attachments, look for either a ".tmp" or a ".xml" extension.



• Systemanforderungen

• Adobe Reader 9.3 [Windows]
• Adobe Reader 9.3 [Mac OS X - Intel]
• Adobe Reader 9.3 [Mac OS X - PPC]
• Adobe Reader 9.3 [Linux]


• Adobe Reader 8.2 [Windows]
• Adobe Reader 8.2 [Mac OS X - Intel]
• Adobe Reader 8.2 [Mac OS X - PPC]


• Weitere Versionen

• Offizielle Internetpräsenz

» Kommentare