Article

Adobe issues patch fixing month-long PDF zero-day vulnerability

SearchSecurity.com Staff

Adobe Systems Inc. issued a security update to its Adobe Acrobat and Reader PDF viewing software, repairing a serious PDF zero-day vulnerability being actively targeted by attackers since mid-December.

    Requires Free Membership to View

Adobe security:
Adobe warns of critical Flash Media Server vulnerability: Adobe issues update correcting two critical flaws in Flash Media Server 3.5.2 and earlier versions. 

Adobe updates Flash Player, fixes seven serious vulnerabilities: Adobe Flash Player 10.0.42.34 repairs memory corruption errors and a data injection vulnerability that could enable an attacker to crash the player and take control of a machine.

Active PDF attacks target Reader, Acrobat zero-day vulnerability: Malicious PDF files discovered in the wild spread via an email attachment and target a yet-to-be patched hole in Adobe Reader and Acrobat.

The latest Adobe update, issued Tuesday, repairs eight vulnerabilities in Adobe Reader 9.2 and Acrobat 9.2 for Windows, Macintosh and UNIX, and Adobe Reader 8.1.7 and Acrobat 8.1.7 for Windows and Macintosh.

"These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system," according to the Adobe security bulletin.

One of the errors, a remote code execution zero-day vulnerability in its multimedia.api, was discovered Dec. 15, but the software maker decided to delay issuing a patch to avoid negatively impacting the timing of its regularly scheduled quarterly security update. Since the discovery, several security researchers have discovered malware variants attempting to exploit the Adobe flaw in a series of email attacks containing malicious PDF attachments. The exploit targets Adobe Reader and Acrobat 9.2 on Windows platforms, Adobe said.

In addition, Adobe addressed a memory corruption vulnerability, a script injection error and a DLL-loading flaw that could allow arbitrary code execution.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: