Adobe issues patch fixing month-long PDF zero-day vulnerability

The latest version plugs a serious hole being actively targeted by attackers in the wild. Users are urged to apply the updates as soon as possible.

Adobe Systems Inc. issued a security update to its Adobe Acrobat and Reader PDF viewing software, repairing a serious PDF zero-day vulnerability that attackers have been actively targeting since mid-December.

The latest Adobe update, issued Tuesday, repairs eight vulnerabilities in Adobe Reader 9.2 and Acrobat 9.2 for Windows, Macintosh and UNIX, and Adobe Reader 8.1.7 and Acrobat 8.1.7 for Windows and Macintosh.

"These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system," according to the Adobe security bulletin.

One of the errors, a remote code execution zero-day vulnerability in the software's multimedia.api, was discovered Dec. 15, but the software maker decided to delay issuing a patch to avoid negatively impacting the timing of its regularly scheduled quarterly security update. Since then, several security researchers have found malware variants attempting to exploit the Adobe flaw in a series of email attacks containing malicious PDF attachments. The exploit targets Adobe Reader and Acrobat 9.2 on Windows platforms, Adobe said.

In addition, Adobe addressed a memory corruption vulnerability, a script injection error and a DLL-loading flaw that could allow arbitrary code execution.
