For the second time in one week, Adobe Systems has released a set of critical vulnerability patches. An Adobe spokesperson told InternetNews.com that the vendor released six critical patches for Flash Player 9, few days after the eight patches for five-month-old vulnerabilities in Adobe Reader and Acrobat 8.

Vulnerabilities in Adobe applications are particularly dangerous because they are widely used on the Web, Chris Wysopal, chief technology officer at application security analysis vendor Veracode told InternetNews.com. Enterprises, which are slow to upgrade, will be hardest hit by these bugs, which target older versions of the Adobe applications, Wysopal said.

The vulnerabilities in Adobe's applications are all JavaScript bugs. JavaScript has a global object that experts say is the root cause of cross site scripting attacks. Together with SQL injection attacks, it comprises about 60 percent of all Web site attacks.

Other applications, such as browsers, also have JavaScript vulnerabilities, but Adobe is coming under attack because it is a convenient target. Hackers are turning their attention to applications from Adobe and other vendors using JavaScript because their traditional targets, browsers, have been hardened over the years.


Source: vnunet