Adobe Set To Plug PDF Flaws

Adobe Systems is planning to issue an out-of-band security update later this month to plug multiple security holes, including one discussed last week at the Black Hat security conference.

The update will cover critical bugs affecting Adobe Reader and Acrobat. Among them will be a flaw mentioned at Black Hat by Charles Miller, principal security analyst with consulting firm Independent Security Evaluators. The bug, which can be used by attackers to compromise a system, is due to an integer overflow error.

“We are planning to make available an out-of-band security update for Adobe Reader and Acrobat during the week of August 16, 2010,” an Adobe spokesperson told eWEEK. “This update will resolve critical security issues in Adobe Reader 9.3.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 for Windows and Macintosh, and Adobe Reader 8.2.3 and Acrobat 8.2.3 for Windows and Macintosh, including CVE-2010-2862 which was discussed at the Black Hat USA 2010 security conference on Wednesday, July 28, 2010.”

Memory Corruption

According to Secunia, the vulnerability uncovered by Miller can be exploited to corrupt memory via a PDF file containing a specially-crafted TrueType font, and affects Adobe Reader versions 8.2.3 and 9.3.3 as well as Acrobat 9.3.3. The company warned that earlier versions may be affected as well, and advised users not to open untrusted PDF files with the software.

The Adobe spokesperson said the company is currently unaware of any exploits in the wild targeting any of the issues slated to be covered in the update.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved
