Adobe issues Reader update fixing zero-day flaw

Exploit code to attack a remote code execution flaw in Adobe Reader was available in the wild.


Adobe Systems Inc. released an update for its Reader and Acrobat PDF file viewing software, plugging a known hole in the application.

Exploit code was made available last month on several websites and Adobe responded, warning customers to disable JavaScript as a workaround until a patch was released. In the Adobe bulletin, the software maker said the flaw could be exploited by an attacker to crash the application or gain user privileges on a victim's machine. To exploit the flaw, the attacker would have to trick the user into opening a malicious PDF file, Adobe said.

Adobe updates:
Adobe working on patch to correct new zero-day flaw: Adobe Reader and Acrobat contain memory corruption errors that could be exploited by an attacker to execute arbitrary code.

Adobe issues patch to block zero-day flaw: The latest version of Adobe Acrobat Reader corrects a critical image handling flaw being actively exploited in the wild.

The flaw was identified in Adobe Reader 9.1, Acrobat 9.1 and earlier versions. A second vulnerability was also addressed. It appears to affect users running Adobe Reader on UNIX, Adobe said.

An advisory issued by Danish vulnerability clearinghouse Secunia said the PDF reader contains a memory corruption error when handling JavaScript. Secunia gave the flaws a highly critical rating.

According to statistics released by security vendor F-Secure Corp., attacks that exploit Adobe software with malicious PDF files are rising. Adobe Acrobat Reader attacks accounted for 48.8% of targeted attacks so far in 2009, F-Secure said in a blog posting earlier this month. The targeted Adobe attacks were followed closely by attacks using Microsoft Office suite files: Word, Excel and PowerPoint.
