Adobe plugs security holes in PDF Reader, Acrobat

Adobe plugs security holes in PDF Reader, Acrobat

Summary: Adobe today shipped a critical Reader/Acrobat patch to cover a total of 17 documented vulnerabilities that expose Windows, Mac and UNIX users to malicious hacker attacks.

SHARE:

Adobe today shipped a critical Reader/Acrobat patch to cover a total of 17 documented vulnerabilities that expose Windows, Mac and UNIX users to malicious hacker attacks.

The update, which affects Adobe Reader/Acrobat 9.3.2 (and earlier versions), includes a fix for the outstanding PDF "/Launch" functionality social engineering attack vector that was disclosed by researcher Didier Stevens.

As previously reported, Didier created a proof-of-concept PDF file that executes an embedded executable without exploiting any security vulnerabilities.

Hacker finds a way to exploit PDF files, without a vulnerability ]

The PDF hack, when combined with clever social engineering techniques, could potentially allow code execution attacks if a user simply opens a rigged PDF file.follow Ryan Naraine on twitter

According to Adobe, the newest version includes changes to resolve the misuse of this command.

We added functionality to block any attempts to launch an executable or other harmful objects by default. We also altered the way the existing warning dialog works to thwart the known social engineering attacks.

This Adobe Reader/Acrobat patch batch was originally scheduled for July 13, 2010.

More information on vulnerabilities fixed in the latest update, see this Adobe advisory.

Topics: Enterprise Software, Security, Social Enterprise

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

6 comments
Log in or register to join the discussion
  • RE: Adobe plugs security holes in PDF Reader, Acrobat

    I updated my copy of Adobe to the Beta for flash and got rid of one problem then stuck a PDF reader from another company on my machine and got rid of Adobe reader.

    My experience with Adobe has been that _it_ is a security problem and a major pain in the butt. I don't like having to use their products. They need to get some new blood in among their coders or they are going to forfeit a lot of business which already seems to be true with flash. It is going by-bye.
    deowll
    • Ha! What you said, deowll!

      @deowll I logged on here to have my say, but you already said it! Just yesterday I let Firefox harangue me into updating my Adobe Flash for "security" patches, and instead what I got was some Adobe "Download Manager". WTH is that? Bait-and-Switch, so they can take over how I do downloads? I don't THINK so. Uninstalled it right quick. I already have my list of alternative pdf readers, because Adobe's is so slow to start up. Now that I know that Adobe is so aggressive to get into my computer that they'll even lie to both me and the Mozilla-Firefox project, I will now start avoiding Adobe products the same way I avoid Microsoft bloatware products whenever I can.
      SuzCorner
    • RE: Adobe plugs security holes in PDF Reader, Acrobat

      <a href="http://www.replicacool.org">imitation hermes bags</a>
      xiaodou
    • RE: Adobe plugs security holes in PDF Reader, Acrobat

      <a href="http://www.replicawatchesbest.org">swiss replica watches</a>
      xiaodou
  • RE: Adobe plugs security holes in PDF Reader, Acrobat

    There are several good alternatives to the ADOBE PDF reader out there. Please advise, and everyone will be happy!
    davekingsb@...
  • Enough already!

    All I want to do is read pdf files, for chrissakes. If Adobe can't (or won't) hand out a simple READER without all the unwanted crap that needs patches every other day, it's up to users to ditch Adobe. Can anyone point to a review of the options?
    jpdemers@...