Adobe Patch Tuesday heads-up: Critical holes in PDF Reader

Summary: A pre-notification advisory from Adobe confirms that this patch batch will include a fix for CVE-2010-2883, which has already been exploited in zero-day attacks.

As part of its scheduled quarterly update cycle, Adobe plans to release new versions of its PDF Reader/Acrobat software to fix gaping security holes that expose users to hacker attacks.

The patches will be released next Tuesday (October 5, 2010) for Windows, Mac and UNIX users.

[ New PDF zero-day under attack ]

A pre-notification advisory from Adobe confirms that this patch batch will include a fix for CVE-2010-2883, which has already been exploited in zero-day attacks.

In those attacks, the vulnerability is being exploited via rigged PDF files sent to select business targets.

The October 5, 2010 updates represent an accelerated release of the next quarterly security update originally scheduled for October 12, 2010.

Talkback

14 comments
  • RE: Adobe Patch Tuesday heads-up: Critical holes in PDF Reader

    How can what amounts to a read-only application have so many exploits? Maybe if Adobe stuck to keeping PDF as a simple electronic document format instead of trying to make it the Swiss Army knife of the internet with all kinds of features nobody uses this wouldn't be such a common problem for them. Seems like once a week for the past ten years there's at least one Acrobat vulnerability unveiled. Considering how much they charge for their Acrobat full product they ought to be ashamed. And don't even get me started on Acrobat Reader's performance, which is so bad they've managed to create an entire cottage industry of software companies tripping over themselves to produce PDF readers that perform better than Adobe's reader does.
    putty.master
  • RE: Adobe Patch Tuesday heads-up: Critical holes in PDF Reader

    An Adobe vulnerability? Wow, when did that ever happen...
    kenift
  • Simple Fix...

    ...don't use Adobe Reader. There are many free PDF readers available, one of the best being Nitro PDF, another being Foxit Reader, another, used strictly for printing to a PDF document is doPDF v7. Why anyone would use a bloated software program simply to read a file is way beyond my understanding. In addition, you can pay for a full-fledged suite offered by any of the companies I mentioned for much less than Adobe, with much less bloat. It's time for Adobe to simply go away...
    rmazzeo
    • RE: Adobe Patch Tuesday heads-up: Critical holes in PDF Reader

      @rmazzeo I totally agree. I dumped Adobe reader as soon as I learned about Foxit reader. It's much lighter and totally secure. Now, when is somebody going to offer an alternative to Flash and Shockwave, so that I can dump Adobe products altogether?
      ddferrari
      • RE: Adobe Patch Tuesday heads-up: Critical holes in PDF Reader

        @ddferrari

        "Foxit reader. It's much lighter and totally secure."

        While I, too, use Foxit reader, don't delude yourself that it is "totally secure". It is subject to some of the same vulnerabilities as Adobe, and you have to "Check for Updates" regularly to make sure you are protected. Fortunately, it is less known and less subject to directed hacking attacks.
        jorjitop
  • some very uninformed comments here

    And why, Ryan, have you been so lax as to not even mention the cure Microsoft provided weeks ago, in the EMET tool?

    Now, the alternative readers are _not_ anywhere near as good as Adobe Reader. They do not implement font hinting correctly or at all, so that pdfs look bad and are hard to read. Also, you'll find color management missing, so good luck when you try to print -- at least in my experiences, colors, saturation, etc. have been much more than 'a little' off.

    As far as how a reader application can have security flaws, that's malware 101. It has nothing to do with extra capabilities, which I presume we all turn off now anyway.

    Anyway, it sounds like children taunting so often in here. Please grow up, and leave your bullying talk behind.

    narr vi
    Narr vi
  • RE: Adobe Patch Tuesday heads-up: Critical holes in PDF Reader

    I find it suspicious that these programs are capable of running embedded code from inside a data only file. I write programs, and I certainly don't write them to execute code from a data file. Why don't they just make the error handler in their program blank the data segment and shut the program down before an execution can occur??? Or make the program use a validation scan of the file before it starts using the information in it? It sounds like poor data validating and error handling.

    But of course I don't know much about the specific nature of the problem.
    AZDnetSubscriber
  • RE: Adobe Patch Tuesday heads-up: Critical holes in PDF Reader

    Another one? It seems like one a month for Adobe. As for PDF readers, but none come close to the quality of Adobe Reader, despite the claims. If there was one out there I'd be using it. About the only thing I do to trim the bloat and load time is move some of the unused plugins to the Optional dir. Outside of Office 2007's PDF printing capability, I have doPDF installed for other applications.
    avoidz
  • Q: What are the risks of opening PDF files when using Preview in Mac OS X?

    Can somebody answer me?
    samunplugged
    • RE: Q: What are the risks of opening PDF files when using Preview in Mac OS

      @samunplugged
      Different application. It shouldn't be affected.
      ZackCDLVI
    • RE: Adobe Patch Tuesday heads-up: Critical holes in PDF Reader

      @samunplugged
      There is a patch for both PC and Mac versions, so there is likely a problem with versions on both platforms.
      Jaytmoon
  • RE: Adobe Patch Tuesday heads-up: Critical holes in PDF Reader

    Boy, whatever happened to all those Pro-Adobe peeps?
    ZackCDLVI
  • RE: Adobe Patch Tuesday heads-up: Critical holes in PDF Reader

    Too little, too late. I just switched FOREVER from Adobe Reader to Foxit Reader. Smaller, faster, does the same stuff.... need I keep on going?

    Adobe needs to redo Reader big time, to get rid of these holes.
    Lerianis10
    • RE: Adobe Patch Tuesday heads-up: Critical holes in PDF Reader

      @Lerianis10

      Or at least Adobe could start properly compiling all their DLLs to take advantage of DEP (data execute prevention), which is what EMET easily and externally enforces.

      Why Adobe hasn't done this is at least a question of this hour. Perhaps over politics between Adobe and Redmond, who knows.
      Narr vi