Adobe warns of critical update for Reader, Acrobat 9.1.3

An Adobe update next week will repair a critical zero-day flaw being actively targeted by attackers.

SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Adobe Systems Inc. released an advisory warning users of its popular Adobe Reader and Acrobat program that it would issue a critical update next week repairing serious JavaScript vulnerability.

In its advance notification issued Thursday, the software maker said the release will update Adobe Reader and Acrobat 9.1.3 and Acrobat 8.1.6 for Windows, Macintosh and UNIX. The update will be pushed out Oct. 13, as part of Adobe's new regularly scheduled quarterly patch release.

Adobe acknowledged reports that the vulnerability is being exploited in the wild in "limited, targeted attacks." Until the update is released, Users can disable JavaScript to mitigate the exploit. Windows Vista users with data execution prevention (DEP) enabled are protected, Adobe said.

Symantec's Security Focus issued an advisory warning that the vulnerability could be exploited by an attacker supplying a malicious PDF file. An exploited vulnerability could allow an attacker to execute arbitrary code or result in crashing the program.

Dig Deeper on Application Attacks (Buffer Overflows, Cross-Site Scripting)

PRO+

Content

Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close