Bugs & Fixes: Microsoft, Adobe issue new security bulletins

Another week, another pair of security warnings from Microsoft and Adobe.

Microsoft batted lead-off with a bulletin that revealed “eight privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user.” The potential danger affects Microsoft Office for Mac 2004, 2008, and 2011. The solution is to install the latest updates to these software packages. A Macworld article has more details.

Next up to bat: Adobe (less than two weeks from their prior trip to this dubious plate). Their latest bulletin warns: “A critical vulnerability has been identified in Adobe Flash Player 10.3.181.23 and earlier versions. This memory corruption vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via malicious Web pages.” Their recommended solution is to update to Adobe Flash Player 10.3.181.26 (at least until Adobe discovers a new critical vulnerability with this latest version). There are also related updated versions of Adobe Reader and Acrobat. Again, a Macworld article has more details.

I have a few lingering questions:

What is it with all these recently exposed ways to gain unauthorized control of a computer? Have hackers figured out some new core techniques that are just now being exploited — again and again? Or is it a coincidence that this past year has seen a steady flow of new additions to this collection of hostile takeovers? Or is it all just a misperception? Are things really no worse now than in previous years?

If this is some new development, can anything be done to turn off the faucet? Or must we resign ourselves to a steady drip-drip of frequent threats and updates ad infinitum?

While there is usually no downside to protecting yourself from a potential danger by updating to new software, I have to wonder whether this stream of bulletins is making us more anxious overall than is justified by the level of risk. In that regard, let me ask the community of Macworld readers: Have you ever been at the wrong end of any of these security vulnerabilities? Has any of your data ever been compromised as a result? If so, email me (bugs@macworld.com) to let me know. I’ll report back later with the results.
