In association with heise online

09 October 2009, 07:40

Adobe users under fire again

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Adobe Logo Adobe warns of a security hole in Adobe Reader and Acrobat 9.1.3 for Windows, Macs and Linux. Again, the security hole is already being actively exploited before the vendor has released a patch to close it. According to Adobe, the current zero day attacks are limited to Windows systems.

Adobe plans to release updated versions of Reader for all platforms on the forthcoming Patch Tuesday, the 13th of October. A suggested workaround is to disable JavaScript, as this prevents the current exploits from being successful. However, the security hole can apparently also be exploited without JavaScript. Windows Vista systems with DEP enabled are said to be immune.

Since all the signs point towards a buffer overflow, another solution is to use a different PDF reader, such as Foxit Reader, instead of the Adobe software. As the exploits are tailored to Adobe Reader, they will reportedly be unsuccessful even if the alternative reader does contain the hole. According to the Internet Storm Center, PDF files can be decontaminated by converting them to PostScript and back.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit