Adobe Closes Security Hole

Adobe Acrobat has a vulnerability that could cause it to crash and run arbitrary code. Adobe systems has released a patch for it, but beware of hackers distributing fraudulent patches via e-mail...
Written by Suzanne Deffree, Contributor
Adobe Systems has released a software update that patches potential security vulnerabilities found in Adobe Acrobat products for Windows.

Until now, PDF files were considered safe, posing no risks to users. For that reason and its transmission quality, PDF has become an industry standard for Internet documents.

But a vulnerability, discovered by Shadow Penguin Security, could allow malicious code to be included within a PDF file due to a buffer overflow error. So far, no customers have reported any problems. If the vulnerability is exploited, it could cause Acrobat to crash and run arbitrary code.

The fix, Update 2, works with Acrobat 4.05 and includes all bug fixes in Update 1. The machine must be operating on Acrobat 4.05. Before installing Update 2, previous versions must be upgraded. The update does not address Macintosh and Unix versions of Acrobat, since the potential security hole isn't found on those platforms.

Another word of caution: Hackers are distributing fraudulent Adobe security patches via e-mail. The company says the fix is only available at its Web site.

Editorial standards