Researchers find hole in Adobe fix

The out-of-cycle Adobe Reader and Acrobat patch released on Tuesday has failed to remedy an issue that could allow an attacker to run malicious code, according to a Vietnamese security company.

The out-of-cycle Adobe Reader and Acrobat patch released on Tuesday has failed to remedy an issue that could allow an attacker to run malicious code, according to a Vietnamese security company.

The version 9.3.3 update for the PDF software products was designed to plug several security problems, including one connected with the Launch dialogue box that could coax a user into opening an embedded executable file. Belgian security researcher Didier Stevens, who reported the issue to Adobe in March, confirmed in a blog post following the release of the patch that the problem was fixed.

However, according to Bach Khoa Internetwork Security centre (Bkis), the update has failed to fully remedy the issue, which Vietnamese antivirus provider said is being used by viruses in attacks. In a post on the Bkis security blog, senior security researcher Le Manh Tung argued that the fix could still be circumvented.

For more on this story, read Researchers find workaround for Adobe PDF fix on ZDNet UK.