A Google security team warns: update Reader, Adobe's PDF reader software, as the new version includes fixes for a number of vulnerabilities.
Adobe released a new version of Reader on Tuesday (14/8), in which about 20 flaws were corrected in the versions for Mac and Windows. Despite the high number of defects covered by the patches, other vulnerabilities remained untouched, according to an analysis by Mateusz Jurczyk and Gynvael Coldwind of Google.
Google includes a PDF reader in Chrome, and so has followed the corrections made by Adobe closely. Earlier this year, the team at the Mountain View giant started testing the application to find errors that could be exploited by malicious programmers.
In the latest update, according to Google, Adobe patched vulnerabilities rated critical and high risk, but minor flaws remained untouched. “Unfortunately, 16 other flaws affecting Windows, OS X or even both systems remain unpatched,” said Google’s security team.
Adobe acknowledged having received a list of bugs from Google in late June and said it had addressed “about 75% of the problems in the short time since the report had arrived.”
“We plan to resolve the remaining issues in the next update of Adobe Reader and Acrobat,” a spokesman for the company, Wiebke Lips, told CSO Online via email. “Adobe is not aware of any exploits for the problems mentioned by Google.”
The giant's policy is to give application developers 60 days to fix errors before exposing them. On 21 and 27 June, Google notified Adobe of a total of 60 reproducible crashes related to flaws in Reader. Not all of the vulnerabilities present serious security risks.
Given that Adobe does not plan to release any new update before August 27, Google decided that the best way to serve the interests of users of Chrome was to warn them about details of the bugs and how to prevent risks.
In addition to leaving flaws unaddressed in the software versions for Windows and OS X, on Tuesday Adobe did not include any fix for the vulnerabilities Google reported in the version of Reader for GNU/Linux.
The flaws in Windows and OS X are in earlier versions of Reader. Reader X users are less susceptible to risks. However, Google says it’s possible that hackers specialized in hunting bugs can find these flaws, which increases the urgency of the disclosure.
Because there are no fixes available for the unpatched vulnerabilities, Google recommends limiting the use of Reader, or at least not opening PDF documents from external sources. In addition, the company recommends disabling the Reader extension in the browser, at least for now.
“Users of Adobe Reader 9.x for Windows that are aware of the risk are advised to upgrade to Adobe Reader X, which provides a sandbox feature, making the exploitation of these vulnerabilities more difficult – though not impossible,” said the security team. “Unfortunately, the sandbox feature is not available for the latest versions of Adobe Reader for OS X or Linux.”
Because none of the vulnerabilities reported by Google would let a hacker get through the Reader sandbox, Adobe believes it has time to release the additional patches. “We do not believe that the outstanding issues pose a serious risk to users,” said Lips.
Reader users are notorious for running outdated versions of the software, which makes them potentially unsafe. An analysis conducted last year by the antivirus software company Avast found that only 40% of users had installed the Reader X update, released in 2010. Adobe also offers the option of automatic updates to the software.
Remember that this is not the first time Google has gone head to head with Adobe. Also this week, the giant officially abandoned Flash for Android.