Day two of the Pwn2Own competition at CanSecWest was again successful for French Vupen security, as they succeeded in exploiting Adobe Flash on Internet Explorer 9 on Windows 7 by chaining together three zero-days (an overflow, a ASLR bypass technique and a IE9 sandbox memory corruption) and earning themselves another $70,000.
Adobe has pushed out the announced update for Acrobat and Reader that patches the two vulnerabilities that were recently exploited in attacks in the wild.
Following the recent debacle of the critical Java 0-day that was being actively exploited in the wild, in an attempt to minimize its users' attack surface Mozilla has enabled "Click To Play" for recent versions of Java on all platforms, ensuring that the Java plugin will not load unless a user specifically clicks to enable the plugin.
Russian based security company Group-IB announced a new zero day vulnerability in Adobe Reader 10 and 11.
Adobe has issued new versions of Reader and Acrobat, patching 14 vulnerabilities.