Security researcher casually drops Adobe Reader, Windows critical vulnerability bomb

Venustus

A security researcher has casually revealed 15 vulnerabilities which impact on Microsoft Windows and Adobe Reader.

On Tuesday, Google Project Zero hacker Mateusz Jurczyk outlined a total of 15 critical vulnerabilities discovered within font management systems.

The research, also presented at the REcon security conference in Montreal in a talk called "One font vulnerability to rule them all: A story of cross-software ownage, shared codebases and advanced exploitation," (.PDF), reveals a set of nasty remote code execution and privilege escalation flaws which can be exploited through Adobe Reader or the Windows Kernel.

Jurczyk discovered a number of low to critical-severity security flaws, but the worst two, CVE-2015-3052 and CVE-2015-0093, which exist in both 32-bit and 64-bit systems, are found within the Adobe Type Manager Font Driver.
Reactions: LabZero and frogboy

Rolo

OK EVERYONE BACK TO RASTER FONTS. FIXEDSYS FTW! :D

Note how the sandboxes were ineffective...
 
Reactions: Venustus

LabZero

Well, about Windows, between an update and the other, sometimes... I can also work, :D but despite this is clearly not enough.

Adobe instead should think more about security than filling its software with unnecessary features.
 
Reactions: Venustus

jamescv7

Well, the thing that must be considered until now is that Adobe still serves a wide audience, therefore more vulnerabilities exist, plus it can generate a lot of money compared to others.

A flip of events may occur if PDF alternatives become dramatically well used by the majority, which would make Adobe less of a possible target for attacks.

-------------

That's the reason, for browsers, why GC has become the most targeted for vulnerability attacks even though patches are performed immediately, and IE follows in 3rd place or near to least vulnerable.
 
Reactions: LabZero

Rolo

Security first? Definitely not...stifles innovation and capability.
 
