Several critical holes closed in Adobe Reader 8 and Acrobat 8
Adobe has released version 8.1.3 of Adobe Acrobat and the free Acrobat Reader to close eight security holes. Some of the holes allow attackers to inject code into a system and execute it via specially crafted PDF documents. The current 9.x versions of Acrobat and Reader for Windows and Mac are not affected. Mac and Windows users can therefore either switch to version 9 or update to 8.1.3.
Interestingly, several security service providers found this hole at approximately the same time. It is, however, likely that they followed up on a very similar hole closed about five months ago in the alternative Foxit Reader. An overflow can also be caused by loading specially crafted fonts. Furthermore, another unspecified flaw can reportedly trigger a memory leak.
Users should not hesitate to install the current versions, although no public exploits have so far been identified. If three service providers found this problem independently of each other, it is likely that criminals are also aware of the hole.
- Security Update available for Adobe Reader 8 and Acrobat 8, Error report from Adobe
- Adobe Acrobat Professional And Reader AcroJS Heap Corruption Vulnerability, Error report from iDefense
- Adobe Reader Embedded Font Handling Out of Bounds Array Indexing Vulnerability, Error report from iDefense
- Adobe Acrobat Reader Malformed PDF Code Execution Vulnerability, Error report from ZDI
- Adobe Acrobat/Reader "util.printf()" Buffer Overflow, Error report from Secunia