Adobe patches security flaws in Acrobat and Reader

Adobe has released a set of security updates for Adobe Acrobat and Reader for Windows and Mac, patching vulnerabilities that could allow an attacker to take control of the affected system.

One vulnerability in Adobe Acrobat Reader DC can be exploited for the purposes of arbitrary code execution, Adobe said.

Uncovered by Cisco Talos researcher Aleksandar Nikolic, the TALOS-2017-0361 / CVE-2017-11263 exploit manifests in the parser program, the software component which takes inputs and builds them into data, in the Acroform parsing functionality used in PDFs.

A specifically-crafted PDF document could be designed to trigger this vulnerability and lead the parser to into an unintended state and therefore allow an attacker to access or overwrite memory inside the process for the purposes of arbitrary code execution.

The vulnerability would be triggered by a victim opening the malicious file or accessing a malicious webpage.

Adobe has released a software update that addresses the vulnerability, alongside updates for other vulnerabilities rated critical and important that "could potentially allow an attacker to take control of the affected system".

READ MORE ON CYBERSECURITY

• Flash loses final appeal: Adobe sentences its web tech to death [CNET]
• Microsoft fixes 'critical' security bugs affecting all versions of Windows
• The race for N-days: Why millions of us are still vulnerable to known exploits
• Adobe patches 21 vulnerabilities in latest security update
• Beware that Adobe Flash update on your Android device: It could be malware [TechRepublic]