Adobe warns of critical update for Reader, Acrobat 9.1.3

An Adobe update next week will repair a critical zero-day flaw being actively targeted by attackers.

SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Adobe Systems Inc. released an advisory warning users of its popular Adobe Reader and Acrobat program that it would issue a critical update next week repairing serious JavaScript vulnerability.

In its advance notification issued Thursday, the software maker said the release will update Adobe Reader and Acrobat 9.1.3 and Acrobat 8.1.6 for Windows, Macintosh and UNIX. The update will be pushed out Oct. 13, as part of Adobe's new regularly scheduled quarterly patch release.

Adobe acknowledged reports that the vulnerability is being exploited in the wild in "limited, targeted attacks." Until the update is released, Users can disable JavaScript to mitigate the exploit. Windows Vista users with data execution prevention (DEP) enabled are protected, Adobe said.

Symantec's Security Focus issued an advisory warning that the vulnerability could be exploited by an attacker supplying a malicious PDF file. An exploited vulnerability could allow an attacker to execute arbitrary code or result in crashing the program.

Dig deeper on Application Attacks (Buffer Overflows, Cross-Site Scripting)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close