Adobe users under fire again
Adobe warns of a security hole in Adobe Reader and Acrobat 9.1.3 for Windows, Macs and Linux. Again, the security hole is already being actively exploited before the vendor has released a patch to close it. According to Adobe, the current zero day attacks are limited to Windows systems.
Adobe plans to release updated versions of Reader for all platforms on the forthcoming Patch Tuesday, the 13th of October. A suggested workaround is to disable JavaScript, as this prevents the current exploits from being successful. However, the security hole can apparently also be exploited without JavaScript. Windows Vista systems with DEP enabled are said to be immune.
Since all the signs point towards a buffer overflow, another solution is to use a different PDF reader, such as Foxit Reader, instead of the Adobe software. As the exploits are tailored to Adobe Reader, they will reportedly be unsuccessful even if the alternative reader does contain the hole. According to the Internet Storm Center, PDF files can be decontaminated by converting them to PostScript and back.
See also:
- Security Advisory for Adobe Reader and Acrobat, Pre-Security Advisory from Adobe
- Adobe and Oracle delay their patch days, Report from The H Security
(djwm)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
