Adobe Fixes Multiple Flaws in Latest Quarterly Security Update


Adobe's latest quarterly security update mitigates multiple vulnerabilities across several products. The update resolves 13 security flaws in Adobe Reader and Acrobat, including three buffer overflow and six memory corruption vulnerabilities. It also resolves one heap overflow, DLL loading, security bypass and one cross-document script execution vulnerability. The fix for the security bypass vulnerability applies only to Adobe Reader and Acrobat X (10.X).

Adobe has resolved 24 security flaws in Shockwave Player for Windows and Mac. The mitigated vulnerabilities include multiple memory corruption, integer overflow, and buffer overflow vulnerabilities in different components of Shockwave Player.

The developer has also mitigated a critical memory corruption vulnerability in Flash Player. The flaw may cause Flash Player to crash and allow an attacker to gain control of the affected computer system. Attackers are reportedly exploiting this vulnerability in the wild.

The quarterly security update resolves cross-site request forgery and denial-of-service vulnerabilities in ColdFusion, rated important by the developer. The update also addresses two security issues in LiveCycle Data Services and BlazeDS.

Software products are vulnerable to security flaws caused by coding errors, changes in the usage environment, or wrong assumptions made by the developers. Attackers constantly strive to detect and exploit security flaws in software products. Flaws allow attackers to infect, compromise, and make unauthorized use of computer systems. Internet users must apply the latest security update issued by Adobe to safeguard their computer systems from malware and other sophisticated threats.

Adobe Reader, Acrobat and Flash Player are widely used in organizations, and Adobe products are among the popular targets of attackers. Usually, attackers send a cleverly crafted malicious e-mail enticing users to click on a link or download an attachment. When unwary users click on the link or attachment, they inadvertently download malicious files onto their computer systems. Organizations must educate users on file download policy, security threats arising from downloading files from suspicious sources, and information storage and handling. Online tutorials, e-learning and online IT degree programs may help employees gain insight into security threats and information security practices.

Professionals qualified in IT degree programs and masters of security science may help organizations make a fair assessment of security threats, devise appropriate security policies, and identify, prioritize and implement security updates. Regular training through workshops, seminars, and online IT courses is crucial for IT professionals to understand evolving security threats and implement preventive mechanisms to safeguard the network security apparatus.

Contact Press

EC-Council
Website: http://www.eccuni.us
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers a Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT professionals, and military students, amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students not only from the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies, including the U.S. federal government via the Montgomery GI Bill, the Department of Defense via DoD 8570.01-M, the National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

About the author

By eccuni