Adobe issues Reader update fixing zero-day flaw

By SearchSecurity.com Staff 13 May 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Adobe Systems Inc. released an update for its Reader and Acrobat PDF file viewing software, plugging a known hole in the application.

Exploit code was made available last month on several websites and Adobe responded, warning customers to disable JavaScript as a workaround until a patch was released. In the Adobe bulletin, the software maker said the flaw could be exploited by an attacker to crash the application or gain user privileges on a victim's machine. To exploit the flaw, the attacker would have to trick the user into opening a malicious PDF file, Adobe said.

Adobe updates: Adobe working on patch to correct new zero-day flaw: Adobe Reader and Acrobat contain memory corruption errors that could be exploited by an attacker to execute arbitrary code. Adobe issues patch to block zero-day flaw: The latest version of Adobe Acrobat Reader corrects a critical image handling flaw being actively exploited in the wild.

The flaw was identified in Adobe Reader 9.1, Acrobat 9.1 and earlier versions. A second vulnerability was also addressed. It appears to affect users running Adobe Reader on UNIX, Adobe said.

An advisory issued by Danish vulnerability clearinghouse Secunia said the PDF reader contains a memory corruption error when handling JavaScript. Secunia gave the flaws a highly critical rating.

According to statistics released by security vendor F-Secure Corp., attacks exploiting Adobe with malicious PDF files are rising. Adobe Acrobat Reader attacks accounted for 48.8% of targeted attacks so far in 2009, F-Secure said in a blog posting earlier this month. The targeted Adobe attacks were followed closely by Microsoft's Office Suite Word, Excel and PowerPoint files.

Tags: Securing Productivity Applications,  Application Attacks (Buffer Overflows, Cross-Site Scripting),  Web Application and Web 2.0 Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Securing Productivity Applications How to secure a .pdf file How do hackers bypass a code signing procedure to inject malware Quiz: How to build secure applications How to detect software tampering Adobe fixes 29 flaws in Acrobat, Reader Adobe warns of critical update for Reader, Acrobat 9.1.3 Why should we place data files on a separate partition than the OS? Adobe updates ColdFusion, JRun, Flex Serious Adobe Flash flaw being exploited Adobe acknowledges serious Flash zero-day vulnerability Application Attacks (Buffer Overflows, Cross-Site Scripting) Quiz: How to build secure applications Black box and white box testing: Which is best? Adobe warns of critical update for Reader, Acrobat 9.1.3 9 Ways to Improve Application Security After an Incident Developers Need Help with Security Errors Buffer overflow tutorial: How to find vulnerabilities, prevent attacks SQL injection protection: A guide on how to prevent and stop attacks Experts rebuke programmers who use SQL injection as feature SANS: Application threats, website flaws pose biggest security threats Mozilla helps Adobe push out faster patches Application Attacks (Buffer Overflows, Cross-Site Scripting) Research Web Application and Web 2.0 Threats New Facebook worm propagates using sexy model Web security firm ranks Firefox, Safari browsers as flaw prone Web application vulnerability assessment shows patching progress Layoffs prompt insider threat fears, cybersecurity survey finds Botnet masters turn to Google, social networks to avoid detection Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say Kaspersky system analyzes malicious URLs on Twitter for malware Pushdo botnet uses Facebook to spread malicious email attachment Do Facebook URL security concerns justify blocking social networks?

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary sheepdip  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary