Adobe issues Reader update fixing zero-day flaw

By SearchSecurity.com Staff
13 May 2009 | SearchSecurity.com

Adobe Systems Inc. released an update for its Reader and Acrobat PDF file viewing software, plugging a known hole in the application.

Exploit code was made available last month on several websites and Adobe responded, warning customers to disable JavaScript as a workaround until a patch was released. In the Adobe bulletin, the software maker said the flaw could be exploited by an attacker to crash the application or gain user privileges on a victim's machine. To exploit the flaw, the attacker would have to trick the user into opening a malicious PDF file, Adobe said.

The flaw was identified in Adobe Reader 9.1, Acrobat 9.1 and earlier versions. A second vulnerability was also addressed. It appears to affect users running Adobe Reader on UNIX, Adobe said.

An advisory issued by Danish vulnerability clearinghouse Secunia said the PDF reader contains a memory corruption error when handling JavaScript. Secunia gave the flaws a highly critical rating.

According to statistics released by security vendor F-Secure Corp., attacks that exploit Adobe software with malicious PDF files are rising. Adobe Acrobat Reader attacks accounted for 48.8% of targeted attacks so far in 2009, F-Secure said in a blog posting earlier this month. The targeted Adobe attacks were followed closely by attacks using Microsoft Office Word, Excel and PowerPoint files.
