Adobe Releases Latest Security Updates, But Updates Angers Some Google Chrome UsersBy Erwin Castro, UniversityHerald Reporter
Adobe Systems this week released its first security updates for this year, updating its Flash Player, Adobe Reader and Acrobat products for critical vulnerabilities that could allow attackers to install malicious software on computers.
The patches come one month after confirmation from Microsoft and Google that they will be accelerating the deprecation of Flash in Edge and Chrome.
Adobe Patches Flash Player, Reader, and Acrobat
According to Computer World, the Adobe Flash Player update fixes 13 vulnerabilities, in which 12 that can lead to a remote code execution attacks and one that allows attackers to bypass a security restriction and disclose information. Adobe is not aware of any exploit for these flaws existing in the wild.
However, the latest Reader and Acrobat update were much beefier, patching more than two dozen vulnerabilities affecting Adobe versions 11.0.18 and earlier versions.
The updates address 29 vulnerabilities in Reader and Acrobat, in which 28 of those bugs can lead to arbitrary code execution on the host system, while the remaining one is a security bypass flaw.
Most of the Acrobat and Readers bugs are said to type confusion, memory corruption issues, along with buffer overflow flaw. Like with the Flash Player vulnerabilities, Adobe is not aware of any of these critical vulnerabilities being exploited in the wild.
Adobe Latest Update Came Under Fire
Adobe has finally addressed the latest security vulnerabilities for Acrobat, Adobe Reader, and Flash this week, Unfortunately, the latest Adobe update has received an unwelcome surprise and criticisms from Chrome users. Chrome users are angry when Adobe bundled the browser plugin with Adobe security updates.
According to Ars Technica, some users are complaining that the Google Chrome browser was prompting them to enable an extension from Adobe Flash, a move that sounds unpopular for most Chrome users.
However, the Chrome extension does a lot of things for the user, like providing a quick way to convert a Web page into a PDF if the users have a full, paid version of Acrobat.
The Chrome extension also allows the users to open PDFs in Adobe Reader rather than using Google Chrome's built-in PDF support. In addition, the Adobe extension also collects basic information and sends it back to Adobe. This tracking feature appears to be on by default, but it can be disabled through the extension's options page. Adobe claims that the collected information is anonymous and does not include URL data.
With latest Reader update, Adobe is automatically prompting users to install a Chrome extension which includes telemetry. Says no URLs. pic.twitter.com/PnDV4Zy0fv
— SwiftOnSecurity (@SwiftOnSecurity) January 10, 2017