In association with heise online

13 May 2009, 09:17

Adobe closes critical Acrobat and Reader holes

As promised last week, Adobe has released security updates that patch several security flaws in its Adobe Reader and Acrobat products. The updates fix a recently announced critical buffer overflow in the JavaScript function getAnnots() that could be used by an attacker to crash either application and potentially take control of the affected system. For an attack to be successful, the user must first open a specially crafted malicious PDF document. Versions 9.1.1, 8.1.5 and 7.1.2 of Adobe Reader and Acrobat fix the problem.

The UNIX version update closes a second hole in the JavaScript functionality where the customDictionaryOpen method can be manipulated to cause a denial of service or execute arbitrary code. Adobe Reader 9.1.1 for UNIX corrects the vulnerability.

All users who have not yet updated are advised to do so. The updates are available to download for Windows, Mac and UNIX.
