I can remember many heated discussions, and quite a bit of dissent when applications began the practice of ‘phoning home’ when the user launches the program. Today the constant connection may turn out to be a hazard…
In most cases the activity of tracking users and communications between a program and the software’s manufacturer was little more than an annoyance. The user could simply unplug the phone line and work privately.
Today, everything is connected to everything else, and if you don’t have that phone plug connected, some other problems can arise — other than complaining by the program. Try it some time — just unplug from the grid and see what kinds of complaints pop up as you run your programs.
Criminals these days however are digging for any possible means of compromising as many computers as possible. Since Adobe has become ubiquitous across all computing platforms, what better venue to search for a security hole. We knew it would happen sooner or later.
trap2pnet news view Security department reported on an Adobe Acrobat Reader 9 and Acrobat 9 security hole last week and the other Mac news blogs were quick to pick it up…
Adobe states:
A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.
A fix has been promised by March 11 for at least some of the versions
It has been reported that popular Anti-virus vendors will also be updated to watch for the exploit. Adobe’s security bulletin page will announce the updates as they become available. Macnn reports
Patches are said to be in development, but may not become available until March 11th, and then only for Reader 9 and Acrobat 9. Updates for Reader and Acrobat 8 are due afterward, to be followed by fixes for Reader and Acrobat 7. Adobe is meanwhile said to be discussing the problem with anti-virus companies such as McAfee and Symantec, which may help to mitigate immediate threats.
http://www.p2pnet.net/story/18567
http://www.adobe.com/devnet/security/security_zone/severity_ratings.html
