Adobe working on patch to correct new zero-day flaw

By SearchSecurity.com Staff 30 Apr 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Adobe Systems Inc. acknowledged a serious zero-day flaw in its Adobe Reader and Acrobat products this week, urging customers to disable JavaScript to mitigate the threat.

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Few details were released about the coding error. An advisory issued by Danish vulnerability clearinghouse Secunia warned in an .update on the Adobe Reader issue, that the pdf reader contains two memory corruption errors when handling JavaScript. The flaw affects all versions of Adobe Reader and Acrobat running on all platforms, Adobe said.

"We are working on a development schedule for these updates and will post a timeline as soon as possible," Adobe said in an advisory.

Secunia said an attacker could pass a malicious .pdf file to exploit the flaws. "Successful exploitation may allow execution of arbitrary code," Secunia said in its advisory.

So far, Adobe said there have been no reports of the flaw being exploited in the wild. Users can disable JavaScript until a patch is released by unchecking the 'Enable Acrobat JavaScript' option in the preferences menu.

Tags: Securing Productivity Applications,  Emerging Information Security Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Securing Productivity Applications How to detect software tampering Adobe fixes 29 flaws in Acrobat, Reader Adobe warns of critical update for Reader, Acrobat 9.1.3 Why should we place data files on a separate partition than the OS? Adobe updates ColdFusion, JRun, Flex Serious Adobe Flash flaw being exploited Adobe acknowledges serious Flash zero-day vulnerability Adobe issues security advisory for Flash zero-day flaw When to use the service features of the Metasploit hacking tool How to manage patches for Adobe Emerging Information Security Threats Modern malware, stealthy botnets, adapt quickly, expert says New ransomware Trojan pushes victims to buy software Bruce Schneier on outsourcing, awareness training US-CERT warns of BlackBerry snooping software Marcus Ranum on cyberwarfare, infosec careers Researchers find thousands of flawed embedded devices Enterprise botnets contain thousands of malware variants Nuke and pave to eradicate botnets Rand study urges caution on cyberwarfare attacks Hathaway joins Harvard to contribute to DOD project

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary sheepdip  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary