Computerworld

Adobe issues alert over Acrobat bug

Acrobat and Acrobat Reader, two of the most widely used desktop applications, contain serious security flaws that could be used to take over a system, according to Adobe.

The company has urged users to update the software immediately.

Adobe Reader is Adobe's tool for reading PDF files, while Acrobat can also create PDF files and has other more advanced features. Affected are Reader and Acrobat versions 5.1, 6.0 to 6.0.3, and 7.0 to 7.0.2. Users can update to versions 5.2, 6.0.4 or 7.0.3 via the software's built-in automatic update or via a manual download from Adobe's site.

The bug is found in a core application plug-in found in both Acrobat and Reader, according to Adobe, and could be exploited by tricking the user into opening a malicious PDF file. Because PDFs can be embedded into Web pages, such an attack wouldn't necessarily require any user intervention.

"If a malicious file were opened it could trigger a buffer overflow as the file is being loaded into Adobe Acrobat and Adobe Reader," Adobe said in its advisory. "A buffer overflow can cause the application to crash and increase the risk of malicious code execution."

US-CERT, the US Computer Emergency Readiness Team, issued its own advisory on the flaw. FrSIRT, the French Security Incident Response Team, and independent security firm, Secunia, both assigned the bug highly critical ratings.

Network administrators may not have much leisure to patch - hackers have recently been taking less time to come up with worms that exploit known vulnerabilities in widely used software. A bug in Microsoft Windows Plug n Play, patched last Tuesday, quickly morphed into exploit code, and then into worms such as Zentob, which on Tuesday successfully disrupted systems at CNN, The New York Times, ABC and other large organisations in the US, Germany and Asia.

The bug went from disclosure to widespread worm attacks within a week, one of the fastest-developing security threats so far, security experts said.

More about: ABC, Adobe, CERT, CNN, Microsoft, VIA

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Recent Discussions
Whitepapers
All whitepapers
tracking pixel
 
Computerworld Community Comments
Zones
SAS Resource Centre

This Resource Centre hosts a wealth of thought leadership articles, whitepapers, and success videos, to help you make the most out of your corporate information in order to swiftly make sound business decisions to survive and thrive in the current economic climate.

Oracle Resource Centre

News, Features and the latest whitepapers on SOA, Application Grid, Enterprise Management and Database

Sponsored Links
 
Back to top Sitemap
Copyright 2009 IDG Communications. ABN 14 001 592 650. All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.