Critical Adobe Patches

Adobe published a pretty big <a href="http://www.macnn.com/articles/10/10/06/mac.updates.for.9x.and.82x.available.now/">patch</a> on Wednesday for its Reader and <a href="http://www.adobe.com/support/downloads/detail.jsp?ftpID=3806">Acrobat programs</a>.

The company accelerated its usual quarterly security updates by a week to encompass this "critical vulnerability." The patch fixes 23 security vulnerabilities, 18 of which would allow for remote code execution. If you're not familiar with remote code execution, it's when an attacker gains control of software on a computer. The hacker uses this kind of exploit to take over an entire machine. Adobe's patch, meanwhile, fixes the publicized bug that allows the bypass of some Windows protections like Address Space Layout Randomization (ASLR).

Adobe also confirmed that its next version of Reader will include a sandbox, which could theoretically isolate the Adobe process from the rest of your operating system. The idea is that if a user opens a malicious PDF file with Adobe, the file could exploit a bug in the Adobe process, but wouldn't have the ability to do anything bad on the rest of the system. Sound unlikely? That's because it probably is. Experts from the SANS Internet Storm Center have reviewed some of the early documents on the new software, and let's just say there are questions in need of answers.

Adam Ross is managing editor at the SANS Institute and wrote, edited, and Web produced for The Washington Post's opinions and politics sections, online and in print. You can reach him at aross@nextgov.com.