Bugs & Fixes: Microsoft, Adobe issue new security bulletins

Another week, another pair of security warnings from Microsoft and Adobe.

Microsoft batted lead-off with a bulletin that revealed “eight privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user.” The potential danger affects Microsoft Office for Mac 2004, 2008, and 2011. The solution is to install the latest updates to these software packages. A Macworld article has more details.

Next up to bat: Adobe (less than two weeks from their prior trip to this dubious plate). Their latest bulletin warns: “A critical vulnerability has been identified in Adobe Flash Player and earlier versions. This memory corruption vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via malicious Web pages.” Their recommended solution is to update to Adobe Flash Player (at least until Adobe discovers a new critical vulnerability with this latest version). There are also related updated versions of Adobe Reader and Acrobat. Again, a Macworld article has more details.

I have a few lingering questions:

What is it with all these recently exposed ways to gain unauthorized control of a computer? Have hackers figured out some new core techniques that are just now being exploited — again and again? Or is it a coincidence that this past year has seen a steady flow of new additions to this collection of hostile takeovers? Or is it all just a misperception? Are things really no worse now than in previous years?

If this is some new development, can anything be done to turn off the faucet? Or must we resign ourselves to a steady drip-drip of frequent threats and updates ad infinitum?

While there is usually no downside to protecting yourself from a potential danger by updating to new software, I have to wonder whether this stream of bulletins are making us more anxious overall than is justified by the level of risk. In that regard, let me ask the community of Macworld readers: Have you ever been at the wrong end of any of these security vulnerabilities? Has any of your data ever been compromised as a result? If so, email me (bugs@macworld.com) to let me know. I’ll report back later with the results.

Shop ▾
arrow up Amazon Shop buttons are programmatically attached to all reviews, regardless of products' final review scores. Our parent company, IDG, receives advertisement revenue for shopping activity generated by the links. Because the buttons are attached programmatically, they should not be interpreted as editorial endorsements.

Subscribe to the Apple @ Work Newsletter