Adobe plugs security holes in PDF Reader, Acrobat

Adobe today shipped a critical Reader/Acrobat patch to cover a total of 17 documented vulnerabilities that expose Windows, Mac and UNIX users to malicious hacker attacks.

Adobe today shipped a critical Reader/Acrobat patch to cover a total of 17 documented vulnerabilities that expose Windows, Mac and UNIX users to malicious hacker attacks.

The update, which affects Adobe Reader/Acrobat 9.3.2 (and earlier versions), includes a fix for the outstanding PDF "/Launch" functionality social engineering attack vector that was disclosed by researcher Didier Stevens.

As previously reported, Didier created a proof-of-concept PDF file that executes an embedded executable without exploiting any security vulnerabilities.

Hacker finds a way to exploit PDF files, without a vulnerability ]

The PDF hack, when combined with clever social engineering techniques, could potentially allow code execution attacks if a user simply opens a rigged PDF file.
follow Ryan Naraine on twitter

According to Adobe, the newest version includes changes to resolve the misuse of this command.

We added functionality to block any attempts to launch an executable or other harmful objects by default. We also altered the way the existing warning dialog works to thwart the known social engineering attacks.

This Adobe Reader/Acrobat patch batch was originally scheduled for July 13, 2010.

More information on vulnerabilities fixed in the latest update, see this Adobe advisory.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All