Adobe warns of critical update for Reader, Acrobat 9.1.3

By SearchSecurity.com Staff 09 Oct 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Adobe Systems Inc. released an advisory warning users of its popular Adobe Reader and Acrobat program that it would issue a critical update next week repairing serious JavaScript vulnerability.

In its advance notification issued Thursday, the software maker said the release will update Adobe Reader and Acrobat 9.1.3 and Acrobat 8.1.6 for Windows, Macintosh and UNIX. The update will be pushed out Oct. 13, as part of Adobe's new regularly scheduled quarterly patch release.

Adobe acknowledged reports that the vulnerability is being exploited in the wild in "limited, targeted attacks." Until the update is released, Users can disable JavaScript to mitigate the exploit. Windows Vista users with data execution prevention (DEP) enabled are protected, Adobe said.

Symantec's Security Focus issued an advisory warning that the vulnerability could be exploited by an attacker supplying a malicious PDF file. An exploited vulnerability could allow an attacker to execute arbitrary code or result in crashing the program.

Tags: Application Attacks (Buffer Overflows, Cross-Site Scripting),  Securing Productivity Applications,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Application Attacks (Buffer Overflows, Cross-Site Scripting) 9 Ways to Improve Application Security After an Incident Developers Need Help with Security Errors Buffer overflow tutorial: How to find vulnerabilities, prevent attacks SQL injection protection: A guide on how to prevent and stop attacks Experts rebuke programmers who use SQL injection as feature SANS: Application threats, website flaws pose biggest security threats Mozilla helps Adobe push out faster patches SSH key compromise shuts down Apache website IBM finds sharp spike in malicious content on trusted sites SQL injection continues to trouble firms, lead to breaches Application Attacks (Buffer Overflows, Cross-Site Scripting) Research Securing Productivity Applications How to detect software tampering Adobe fixes 29 flaws in Acrobat, Reader Why should we place data files on a separate partition than the OS? Adobe updates ColdFusion, JRun, Flex Serious Adobe Flash flaw being exploited Adobe acknowledges serious Flash zero-day vulnerability Adobe issues security advisory for Flash zero-day flaw When to use the service features of the Metasploit hacking tool How to manage patches for Adobe Adobe ColdFusion websites being compromised

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary buffer overflow  (SearchSecurity.com) cache poisoning  (SearchSecurity.com) cyberterrorism  (SearchSecurity.com) dictionary attack  (SearchSecurity.com) directory harvest attack  (SearchSecurity.com) distributed denial-of-service attack  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) ping of death  (SearchSecurity.com) stack smashing  (SearchSecurity.com) SYN flooding  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary