Zero-day flaw spotted in Adobe Illustrator
Thursday, December 3, 2009
Security researchers have published reports - which the company later confirmed - that Adobe's Illustrator application for graphic designers is vulnerable to a particular type of malicious exploit that could allow remote code execution on the machines.
A blog posting from Adobe's Product Security Incident Response Team confirmed that the company had read the security reports and was starting work on a patch that should correct the issue and put an end to exploit attempts, for which there is code already in circulation on the web.
Ryan Naraine, a computer security reporter at ZDNet, write that Illustrator's vulnerability stems from an error in parsing a particular type of file, called an .eps or encapsulated postscript file. If these files possess a certain set of characteristics, they can cause Illustrator to corrupt the computer's memory and open the way for hackers to provide the now-defenseless machine with malicious instructions.
Hackers routinely target Adobe's products, some of the older versions of which are susceptible to a number of malicious software delivery techniques. However, those attacks mostly target the company's Flash website plug-in, which is used to display rich graphics or video online.
Related News:
Cyber criminals exposed medical records - 3.8.2010
More than 18,000 patients, whose medical information is stored on the computer systems of five doctors in Torrance, California, were potential victims of identity theft in September when cyber criminals penetrated the doctors' networks, according to the Los Angeles Times.
McAfee advises companies to boost web security relating to source code - 3.4.2010
At the RSA Conference, currently taking place in San Francisco, McAfee released a report indicating that companies regularly use too few web security protocols when protecting intellectual property such as source code.
False social networking attacks provides teachable moment for web security - 2.25.2010
A unique tool developed to prevent the spread of malware from social networking websites has been recommended Processor.com, a web and network security news provider.
With global web security under siege, exports point to problems - 2.25.2010
In 2009, Garlik, a United Kingdom-based web security company, reported a 207 percent increase in malware use to overtake bank accounts. Recent events have also shown vulnerability in corporate, private and governmental web security systems.
Kaspersky reports malware growing more sophisticated - 2.24.2010
Kaspersky, a web security provider, reported Wednesday that while there is very little growth in the amount of malware currently roaming the web, it is becoming more advanced and much harder to detect.
|
