Adobe ships critical PDF Reader patch

[nsane.forums]

Adobe has shipped a security bulletin with patches for two critical vulnerabilities in its PDF Reader and Acrobat software products. The flaws fixed in this out-of-cycle patch affects Adobe Reader 9.3.3 and earlier versions for Windows, Mac and UNIX; and Adobe Acrobat 9.3.3 and earlier versions for Windows and Mac.

Adobe’s advisory spells out the severity:

These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Today’s patch comes on the heels of Black Hat conference presentation where researcher Charlie Miller provided details of an exploitable vulnerability in Adobe’s PDF Reader software. Miller’s presentation did not include technical details of the flaw but attendees were able to piece together clues to determine that the flaw could lead to code execution attacks with rigged PDF files.

Adobe confirmed that this update fixes that Black Hat vulnerability. Google’s Tavis Ormandy is credited with reporting the flaw. Miller was not credited in Adobe’s advisory.

The update also incorporates patches from the Adobe Flash Player Security Bulletin APSB10-16.

View: Original Article