News Stay informed about the latest enterprise technology news and product updates.

Adobe working on patch to correct new zero-day flaw

Adobe Reader and Acrobat contain memory corruption errors that could be exploited by an attacker to execute arbitrary code.

Adobe Systems Inc. acknowledged a serious zero-day flaw in its Adobe Reader and Acrobat products this week, urging customers to disable JavaScript to mitigate the threat.
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Few details were released about the coding error. An advisory issued by Danish vulnerability clearinghouse Secunia warned in an .update on the Adobe Reader issue, that the pdf reader contains two memory corruption errors when handling JavaScript. The flaw affects all versions of Adobe Reader and Acrobat running on all platforms, Adobe said.

"We are working on a development schedule for these updates and will post a timeline as soon as possible," Adobe said in an advisory.

Secunia said an attacker could pass a malicious .pdf file to exploit the flaws. "Successful exploitation may allow execution of arbitrary code," Secunia said in its advisory.

So far, Adobe said there have been no reports of the flaw being exploited in the wild. Users can disable JavaScript until a patch is released by unchecking the 'Enable Acrobat JavaScript' option in the preferences menu.

Dig Deeper on Productivity apps and messaging security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.