Adobe software vulnerable to hacks

 

Gallery

By Reuters

Posted on 11 Oct 2007 at 09:49

Adobe has admitted that some of its programs contain flaws that make computers vulnerable to attack.

Adobe has posted a notice on its website acknowledging that it unknowingly incorporated vulnerabilities into versions of Adobe Reader and Acrobat software that could allow malicious programs to get on to a PC without the user's knowledge.

Adobe believes the flaws only affect computers running Windows XP and Internet Explorer 7 and says it is working to rectify the problem, but the fix might not be available until the end of October. Rival browsers Firefox and Opera have not reported any similar problems.

Some security experts say that may not be soon enough to stop hackers determined to get malicious software past firewalls and other security software. "Users should pressure Adobe to release a patch sooner than that," says Gadi Evron, a security expert at Beyond Security.

Security experts say what makes the Adobe case disturbing is that it came to light before the company had a solution to fix the problem, which means hackers have an opportunity to exploit the situation.

The software maker would have preferred to hold off notifying the public of the flaws in the software until the fix was ready, says John Landwehr, Adobe's director of security solutions and strategy.

However, its hand was forced when the flaw was reported by Heise Security. Adobe disclosed it later that day on its own site along with instructions for working around the problem, but Landwehr says the instructions are for administrators who run corporate networks, not consumers, who will have to wait for the fix.