New Security Flaw Discovered in Adobe Illustrator
According to security researchers, Adobe's Illustrator application is vulnerable to a special kind of exploit, which an attacker could use to execute software from a remote location.
An unidentified hacker placed a proof-of-concept exploit online on December 1, 2009, demonstrating how the Illustrator loophole can be exploited to execute illegitimate code on a victim's computer.
Ryan Naraine, computer security reporter at ZDNet, states that the flaw in Illustrator is related to a fault in parsing files with the extension .eps, or 'encapsulated postscript.' Files bearing some specific characteristics can make the Illustrator software cause memory corruption on a computer and allow hackers to issue malicious commands to the vulnerable system, as reported by MXLogic on December 3, 2009.
Adobe has also confirmed the flaw. In an official confirmation, the company said that it was already aware of a possible flaw within Adobe Illustrator CS4 (CVE-2009-4195).
The security researchers stated that since the proof-of-concept exploit had been made public and malicious attackers could use it, the vulnerability was potentially a severe problem. According to the security provider Secunia, Illustrator Creative Suite versions 13 and 14 were affected by the flaw, and other versions might be vulnerable.
Nevertheless, Brad Arkin, Director of Product Security at Adobe, stated that his group had yet to confirm whether the attack could plant a virus on an affected system, as reported by PCWorld on December 3, 2009.
Adobe's Product Security Incident Response Team said that, after going through various security reports, the firm was working to develop a patch, which would likely fix the problem and halt all future exploit attempts.
Meanwhile, Secunia suggests that users of Illustrator should not open files originating from unreliable sources.
The researchers state that hackers regularly aim at Adobe's products, some older versions of which are vulnerable to several attacks that deliver malicious software. But those attacks chiefly aim at Adobe's Flash plug-in, with which videos or rich graphics can be displayed online.
» SPAMfighter News - 10-12-2009