Today Adobe published a security bulletin and updates for ADE (Adobe Digital Editions). This issue affects "Adobe Digital Editions 4.5.0 and earlier versions" on Windows, Macintosh, iOS and Android. Adobe is categorizing this as a Critical vulnerability ("A vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware."), but with a low priority since, unlike Flash and Reader, ADE is not commonly targeted by malware.
It appears that details on the vulnerability are being withheld until people have a chance to install the updated version of ADE (4.5.1). The CVE database still says this CVE number is "reserved." So, I'm not quite sure if "earlier versions" includes all older versions or just older versions of ADE 4.x.
This brings me to my question. IIRC, many of you have been holding off on upgrading beyond ADE 2.01 because of DRM issues with ADE 3 and newer. If that's correct, what are you doing to protect yourselves from security problems with the older versions?
Adobe doesn't list very many ADE vulnerabilities, Security Bulletins and Advisories - Adobe Digital Editions, but this bulletin shows a vulnerability in ADE 2.01 on Windows and Mac which is fixed in ADE 3. The oldest bulletin listed is for ADE 2.0.0 which is fixed by 2.0.1, so I'm not sure about any problems with 1.7.x.
The only thing I can think of to be safe with older versions is to change the settings in my browsers and operating systems so that ADE doesn't automatically open ACSM, PDF, and epub files. Any other ideas?
Spoiler:
It appears that details on the vulnerability are being withheld until people have a chance to install the updated version of ADE (4.5.1). The CVE database still says this CVE number is "reserved." So, I'm not quite sure if "earlier versions" includes all older versions or just older versions of ADE 4.x.
This brings me to my question. IIRC, many of you have been holding off on upgrading beyond ADE 2.01 because of DRM issues with ADE 3 and newer. If that's correct, what are you doing to protect yourselves from security problems with the older versions?
Adobe doesn't list very many ADE vulnerabilities, Security Bulletins and Advisories - Adobe Digital Editions, but this bulletin shows a vulnerability in ADE 2.01 on Windows and Mac which is fixed in ADE 3. The oldest bulletin listed is for ADE 2.0.0 which is fixed by 2.0.1, so I'm not sure about any problems with 1.7.x.
The only thing I can think of to be safe with older versions is to change the settings in my browsers and operating systems so that ADE doesn't automatically open ACSM, PDF, and epub files. Any other ideas?