Adobe ships critical PDF Reader, Acrobat patch

Adobe has shipped a critical update to patch a code execution vulnerability affecting multiple versions of its Reader and Acrobat products.According to Adobe's advisory, the flaw "could potentially allow an attacker to take control of the affected system.

Adobe ships critical PDF Reader, Acobat patch
Adobe has shipped a critical update to patch a code execution vulnerability affecting multiple versions of its Reader and Acrobat products.

According to Adobe's advisory, the flaw "could potentially allow an attacker to take control of the affected system."

If you have Adobe Reader or Acrobat installed on your machine, this update should be treated with the highest possible priority because the vulnerability is being exploited in the wild.

The patch is available for all platforms.  The affected products are:

  • Adobe Reader 8.0 through 8.1.2
  • Adobe Reader 7.0.9 and earlier
  • Adobe Acrobat Professional, 3D and Standard 8.0 through 8.1.2
  • Adobe Acrobat Professional, 3D and Standard 7.0.9 and earlier

Adobe Reader 7.1.0 and Acrobat 7.1.0 are not vulnerable to this issue.

From a separate SecurityFocus bulletin:

Adobe Acrobat and Reader are prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

 * Image source: existentist's Flickr photostream (Creative Commons 2.0)

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All