Categories: Security

Adobe Warns Of Zero-Day Vulnerability

Abobe’s software has once again been hit by hackers after the company said it was investigating reports of a critical new security vulnerability affecting its Illustrator software.

Proof-of-concept code for an attack was publicised this week and is circulating the web. According to Adobe, the vulnerability can be exploited via a malicious Encapsulated PostScript (.eps) file in Illustrator.

“Adobe is aware of a report of a potential vulnerability in Adobe Illustrator CS4 (CVE-2009-4195),” the company wrote in an advisory. “We are currently investigating this issue and will have an update once we have more information.”

Vupen Security stated in an advisory that the issue is caused by a memory corruption error when processing .eps files containing overly long data, which could allow attackers to crash an affected application or execute arbitrary code by tricking a user into opening a specially crafted file.

The vulnerability is known to affect Illustrator Creative Suite versions 13 and 14.

Adobe’s next round of security updates is slated to come 8 December, although the company did not say whether a fix for the issue would be ready then. The company is, however, planning to update Adobe AIR and Adobe Flash Player to address “critical” security issues.

Earlier this year, Adobe changed its development and patching process to improve security. Part of those changes involved instituting a regular schedule for security releases, which now come the same day as Microsoft’s Patch Tuesday.

“The reason why Adobe’s products…have captured the attention of cyber-criminals is that they are so ubiquitous,” blogged Graham Cluley, senior technology consultant at Sophos. “It’s not an outrageous (gamble) for hackers to assume that you have some Adobe software on your computer, making it a potential avenue for attack.”

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

4 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

4 days ago