Adobe users under fire again
Adobe warns of a security hole in Adobe Reader and Acrobat 9.1.3 for Windows, Macs and Linux. Again, the security hole is already being actively exploited before the vendor has released a patch to close it. According to Adobe, the current zero day attacks are limited to Windows systems.
Since all the signs point towards a buffer overflow, another solution is to use a different PDF reader, such as Foxit Reader, instead of the Adobe software. As the exploits are tailored to Adobe Reader, they will reportedly be unsuccessful even if the alternative reader does contain the hole. According to the Internet Storm Center, PDF files can be decontaminated by converting them to PostScript and back.
- Security Advisory for Adobe Reader and Acrobat, Pre-Security Advisory from Adobe
- Adobe and Oracle delay their patch days, Report from The H Security