Apple Fixes QuickTime Vulnerabilities, Adobe Ignores Reader Flaws
Quite a week in the vulnerabilities sector, as Adobe already fixed quite a few flaws in Flash Player and AIR. Now, Apple has fixed nine vulnerabilities in QuickTime. Meanwhile, Adobe has ignored the Reader flaws that are currently pending, and could be exploited soon.
For QuickTime, most of the vulnerabilities were for buffer overflows. QuickTime is Apple’s media playback technology. Only Windows users XP SP2 and Up have to update – Mac OS X was not affected. See the security update from Apple for more information on what was fixed. You can update on QuickTime by visiting http://www.apple.com/QuickTime
As for Adobe Reader…well that’s a long story. Here’s the short version of it… A Moscow-based security firm, Group-IB, has identified a new exploit capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11) is being sold in the underground for up to $50,000. The vulnerability has an ability to sidestep Adobe Reader’s sandboxing mechanism, in order to exploit the code. Only working on Windows, the exploit requires users to close the web browser for it to work correctly.
Adobe spokespeople state the problem cannot be identified, and therefore there is nothing to fix.
To keep your computer protected from exploits, please see the following: