Vulnerability in UNIX version of Adobe Acrobat Reader
Adobe has published a security advisory concerning a vulnerability in UNIX version 8.1.2 of its Acrobat Reader. The vendor writes that a flaw in the launcher script, acroread
, can be exploited to escalate system privileges and edit or delete files. Temporary data are saved with the wrong privileges, allowing symlink attacks to be executed. The flaw can only be exploited locally. No update has yet been made available, but Adobe says it is working on one.
See also:
- Privilege escalation issue in Adobe Reader 8.1.2 for Unix, Adobe security advisory
(mba)