Adobe warns of critical zero-day flaw in Reader, Acrobat

No patch yet available for zero-day vulnerability that is reportedly being exploited in the wild.

Adobe Systems Inc. on Wednesday warned of a critical zero-day flaw in its Reader and Acrobat software that could

allow an attacker to take over a system.

The vulnerability is reportedly being actively exploited in the wild, Adobe said in its brief security advisory. There is no patch yet available for the flaw.

The flaw exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh, according to Adobe.

Adobe said it is in "the process of evaluating the schedule for an update to resolve this vulnerability."

In a blog post Wednesday afternoon, McAfee researchers reported seeing a zero-day vulnerability in the wild that affects the latest version of Adobe Reader. "This zero-day vulnerability is a typical stack buffer overflow vulnerability and exploitation of this issue is expected to be relatively easy," they wrote.

Dig deeper on Application Attacks (Buffer Overflows, Cross-Site Scripting)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close