Adobe issues Reader update fixing zero-day flaw

Article

Adobe issues Reader update fixing zero-day flaw

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Adobe Systems Inc. released an update for its Reader and Acrobat PDF file viewing software, plugging a known hole in the application.

Exploit code was made available last month on several websites and Adobe responded, warning customers to disable JavaScript as a workaround until a patch was released. In the Adobe bulletin, the software maker said the flaw could be exploited by an attacker to crash the application or gain user privileges on a victim's machine. To exploit the flaw, the attacker would have to trick the user into opening a malicious PDF file, Adobe said.

Adobe updates:
Adobe working on patch to correct new zero-day flaw: Adobe Reader and Acrobat contain memory corruption errors that could be exploited by an attacker to execute arbitrary code.

Adobe issues patch to block zero-day flaw: The latest version of Adobe Acrobat Reader corrects a critical image handling flaw being actively exploited in the wild.

The flaw was identified in Adobe Reader 9.1, Acrobat 9.1 and earlier versions. A second vulnerability was also addressed. It appears to affect users running Adobe Reader on UNIX, Adobe said.

An advisory issued by Danish vulnerability clearinghouse Secunia said the PDF reader contains a memory corruption error when handling JavaScript. Secunia gave the flaws a highly critical rating.

According to statistics released by security vendor F-Secure Corp., attacks exploiting Adobe with malicious PDF files are rising. Adobe Acrobat Reader attacks accounted for 48.8% of targeted attacks so far in 2009, F-Secure said in a blog posting earlier this month. The targeted Adobe attacks were followed closely by Microsoft's Office Suite Word, Excel and PowerPoint files.