Tuesday, August 6, 2013

Critical Adobe Security Update:
Digital Editions v2.0.1


We now have another insecure Adobe application to worry about. This time it's Adobe Digital Editions.

Adobe WHAT?

Here is how Adobe describes their application-with-critical-security-holes, Digital Editions:
Adobe® Digital Editions software offers an engaging way to view and manage eBooks and other digital publications. Use it to download and purchase digital content, which can be read both online and offline. Transfer copy-protected eBooks from your personal computer to other computers or devices. Organize your eBooks into a custom library and annotate pages. Digital Editions also supports industry-standard eBook formats, including PDF/A and EPUB.
For those who care, and those who use Digital Editions, here is the Security Bulletin:

Adobe has released a security update for Adobe Digital Editions for Windows and Macintosh.  This update addresses a vulnerability in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installation using the instructions provided in the solution section above.

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2013-1377).
Yes, another bad memory management security hole, the #1 source of security holes in modern coding.

And yes, another way for a mere application on your Mac to allow a malware rat to 'take control' of your entire computer. It doesn't get worse. (o_0)That's a terrific reason to NOT install Digital Editions, or if you can, uninstall it until Adobe get their act together and seriously sandbox the thing.


No comments:

Post a Comment