Digital artists should rejoice. The Adobe Illustrator weakness that has left it vulnerable to hacking will be fixed come January 8, 2010. Artists do not have to fear the loss of their works of art because the Illustrator’s developers have been alerted by an unknown hacker’s attacks and are discovering ways to fend such attacks in the future. If attacks such as these can target a weak spot in software, the effect is more than about losing digital illustrations. According to Adobe, hackers can infiltrate into computer systems through the software and spread malware that could mess up the personal computer. Adobe’s security advisory emphasizes that versions 3 and 4 from the Illustrator Creative Suite are the two most vulnerable to similar attacks. Those using versions 3 and 4 may suddenly find their computers invaded by unauthorized software. Adobe hopes that the solution due January 8 will bounce all attempts to attack.
The hacker’s attack is posted through a "proof of concept" blog post. This means that the hacker's information can be accessed by cybercriminals, making this flaw a critical issue for the developers of Adobe Illustrator.
How the attack will work
The attack, however, does not work on its own. Users will have to unknowingly open an Encapsulated Postscript (.eps) file for the attack code to be generated. The scary thing about this attack code is that it is publicly available. If the code gets into the wrong hands, there could be more possibly successful attempts at infiltration and malware spread. The real solution then is to fix the software itself. Getting rid of the code is far more complicated. Adobe Illustrator users are also further warned against opening .eps files from unknown or uncertain sources. They should await the Illustrator patch, which will be available early January of 2010.
Brad Arkin, head of Adobe’s Product Security, reveals that his team has not yet confirmed if the point of concept attack can include the release of viruses on the personal computer with versions 3 or 4 of Adobe Illustrator installed. Software flows are not limited to the Adobe Illustrator, however. Both Microsoft and Adobe are experiencing software problems that should be remedied as soon as possible. Both companies are hoping to deliver patches for flaws found in Adobe’s Flash Player and Microsoft’s Internet Explorer. The vulnerabilities and flaws of other software, unfortunately, are only discovered when attacks have already occurred.
Microsoft's bug fixes
Microsoft’s bug fixes also extend to Windows and Office. There will be no less than six security updates to correct some of the flaws. Internet Explorer alone will need a patch to be secured. Consumers can only hope that the said security updates and patches can truly make the software safe and bug-free.
The hacker’s attack is posted through a "proof of concept" blog post. This means that the hacker's information can be accessed by cybercriminals, making this flaw a critical issue for the developers of Adobe Illustrator.
How the attack will work
The attack, however, does not work on its own. Users will have to unknowingly open an Encapsulated Postscript (.eps) file for the attack code to be generated. The scary thing about this attack code is that it is publicly available. If the code gets into the wrong hands, there could be more possibly successful attempts at infiltration and malware spread. The real solution then is to fix the software itself. Getting rid of the code is far more complicated. Adobe Illustrator users are also further warned against opening .eps files from unknown or uncertain sources. They should await the Illustrator patch, which will be available early January of 2010.
Brad Arkin, head of Adobe’s Product Security, reveals that his team has not yet confirmed if the point of concept attack can include the release of viruses on the personal computer with versions 3 or 4 of Adobe Illustrator installed. Software flows are not limited to the Adobe Illustrator, however. Both Microsoft and Adobe are experiencing software problems that should be remedied as soon as possible. Both companies are hoping to deliver patches for flaws found in Adobe’s Flash Player and Microsoft’s Internet Explorer. The vulnerabilities and flaws of other software, unfortunately, are only discovered when attacks have already occurred.
Microsoft's bug fixes
Microsoft’s bug fixes also extend to Windows and Office. There will be no less than six security updates to correct some of the flaws. Internet Explorer alone will need a patch to be secured. Consumers can only hope that the said security updates and patches can truly make the software safe and bug-free.