News Stay informed about the latest enterprise technology news and product updates.

Adobe warns of critical zero-day flaw in Reader, Acrobat

No patch yet available for zero-day vulnerability that is reportedly being exploited in the wild.

Adobe Systems Inc. on Wednesday warned of a critical zero-day flaw in its Reader and Acrobat software that could allow an attacker to take over a system.

The vulnerability is reportedly being actively exploited in the wild, Adobe said in its brief security advisory. There is no patch yet available for the flaw.

The flaw exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh, according to Adobe.

Adobe said it is in "the process of evaluating the schedule for an update to resolve this vulnerability."

In a blog post Wednesday afternoon, McAfee researchers reported seeing a zero-day vulnerability in the wild that affects the latest version of Adobe Reader. "This zero-day vulnerability is a typical stack buffer overflow vulnerability and exploitation of this issue is expected to be relatively easy," they wrote.

Dig Deeper on Application attacks (buffer overflows, cross-site scripting)

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.