Adobe fixes 29 flaws in Acrobat, Reader

By SearchSecurity.com Staff 14 Oct 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Adobe Systems Inc. issued an update Tuesday, repairing nearly 30 flaws identified as critical, as part of its quarterly update. Adobe warned that one flaw is being actively targeted by attackers.

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Adobe Reader 9.2 and Acrobat 9.2 fix vulnerabilities that if exploited by an attacker, could cause the application to crash or allow an attacker to run malicious code and gain access to critical system files.

The Adobe update fixes errors in Adobe Reader and Acrobat 9.1.3 and Acrobat 8.1.6 for Windows, Macintosh and UNIX. Security vendors have warned that malicious PDF files were targeting an unpatched heap overflow vulnerability.

According to the Adobe October Security Bulletin, the update resolves multiple heap-based buffer overflow conditions, memory corruption issues and input validation errors that could lead to code execution. An input validation issue specific to an ActiveX control could lead to a denial-of-service (DoS) attack, Adobe said.

The update fixes an error with a third party Web download product that Adobe Reader uses, which could be exploited by an attacker to escalate local privileges. A cross-site scripting (XSS) issue has also been addressed in a browser plugin for the Google Chrome and Opera browsers.

Tags: Securing Productivity Applications,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Securing Productivity Applications Quiz: How to build secure applications How to detect software tampering Adobe warns of critical update for Reader, Acrobat 9.1.3 Why should we place data files on a separate partition than the OS? Adobe updates ColdFusion, JRun, Flex Serious Adobe Flash flaw being exploited Adobe acknowledges serious Flash zero-day vulnerability Adobe issues security advisory for Flash zero-day flaw When to use the service features of the Metasploit hacking tool How to manage patches for Adobe

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary sheepdip  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary