Article

Adobe issues Reader update fixing zero-day flaw

SearchSecurity.com Staff

    Requires Free Membership to View

SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Adobe Systems Inc. released an update for its Reader and Acrobat PDF file viewing software, plugging a known hole in the application.

Exploit code was made available last month on several websites and Adobe responded, warning customers to disable JavaScript as a workaround until a patch was released. In the Adobe bulletin, the software maker said the flaw could be exploited by an attacker to crash the application or gain user privileges on a victim's machine. To exploit the flaw, the attacker would have to trick the user into opening a malicious PDF file, Adobe said.

Adobe updates:
Adobe working on patch to correct new zero-day flaw: Adobe Reader and Acrobat contain memory corruption errors that could be exploited by an attacker to execute arbitrary code.

Adobe issues patch to block zero-day flaw: The latest version of Adobe Acrobat Reader corrects a critical image handling flaw being actively exploited in the wild.

The flaw was identified in Adobe Reader 9.1, Acrobat 9.1 and earlier versions. A second vulnerability was also addressed. It appears to affect users running Adobe Reader on UNIX, Adobe said.

An advisory issued by Danish vulnerability clearinghouse Secunia said the PDF reader contains a memory corruption error when handling JavaScript. Secunia gave the flaws a highly critical rating.

According to statistics released by security vendor F-Secure Corp., attacks exploiting Adobe with malicious PDF files are rising. Adobe Acrobat Reader attacks accounted for 48.8% of targeted attacks so far in 2009, F-Secure said in a blog posting earlier this month. The targeted Adobe attacks were followed closely by Microsoft's Office Suite Word, Excel and PowerPoint files.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: