Adobe working on patch to correct new zero-day flaw

By SearchSecurity.com Staff 30 Apr 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Adobe Systems Inc. acknowledged a serious zero-day flaw in its Adobe Reader and Acrobat products this week, urging customers to disable JavaScript to mitigate the threat.

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Few details were released about the coding error. An advisory issued by Danish vulnerability clearinghouse Secunia warned in an .update on the Adobe Reader issue, that the pdf reader contains two memory corruption errors when handling JavaScript. The flaw affects all versions of Adobe Reader and Acrobat running on all platforms, Adobe said.

"We are working on a development schedule for these updates and will post a timeline as soon as possible," Adobe said in an advisory.

Secunia said an attacker could pass a malicious .pdf file to exploit the flaws. "Successful exploitation may allow execution of arbitrary code," Secunia said in its advisory.

So far, Adobe said there have been no reports of the flaw being exploited in the wild. Users can disable JavaScript until a patch is released by unchecking the 'Enable Acrobat JavaScript' option in the preferences menu.

Tags: Securing Productivity Applications,  Emerging Information Security Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Securing Productivity Applications Software piracy group offers cash to whistleblowers How to secure a .pdf file How do hackers bypass a code signing procedure to inject malware Quiz: How to build secure applications How to detect software tampering Adobe fixes 29 flaws in Acrobat, Reader Adobe warns of critical update for Reader, Acrobat 9.1.3 Why should we place data files on a separate partition than the OS? Adobe updates ColdFusion, JRun, Flex Serious Adobe Flash flaw being exploited Emerging Information Security Threats Best practices for (small) botnets Cybersecurity grant to fund research into critical infrastructure threats RSA security conference 2010: news, interviews and updates Hackers to sharpen malware, malicious software in 2010 Modern malware, stealthy botnets, adapt quickly, expert says New ransomware Trojan pushes victims to buy software Bruce Schneier on outsourcing, awareness training Marcus Ranum on cyberwarfare, infosec careers US-CERT warns of BlackBerry snooping software Researchers find thousands of flawed embedded devices

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary sheepdip  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary