X
Business
Home Business Enterprise Software

Exploit posted for brand-new Adobe PDF zero-day

Proof-of-concept exploit code has been published for a new zero-day vulnerability haunting Adobe's widely deployed PDF Reader software.In a brief note posted to its PSIRT blog, Adobe confirmed it was investigating the issue, which affects Adobe Reader 9.
Written by Ryan Naraine, Contributor

adobepdflogo.png
Proof-of-concept exploit code has been published for a new zero-day vulnerability haunting Adobe's widely deployed PDF Reader software.

In a brief note posted to its PSIRT blog, Adobe confirmed it was investigating the issue, which affects Adobe Reader 9.1 and 8.1.4.  "We are currently investigating, and will have an update once we get more information," according to Adobe's David Lenoe.

More details are available in this advisory:

Adobe Reader 'getAnnots()' Javascript Function Remote Code Execution Vulnerability

Adobe Reader is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

Reader 8.1.4 and 9.1 for Linux are vulnerable; other versions or platforms may also be affected.

Adobe's PDF Reader software is a popular target for malware authors so, in the absence of a patch, users should consider using an alternative product.  A list of alternatives is available at pdfreaders.org.

Editorial standards
Show Comments

Related

mouse

How much tech can I get from Temu for $100 (and is it any good)?

GOTRAX 4 electric scooter

This affordable Lenovo laptop made me a believer in the 2-in-1 form factor

Logitech Mevo Core Streaming camera on a tripod on set

I fly 10 times a year. These 5 tech gadgets are lifesavers