Adobe Substantiates Fresh 0-Day Flaw In Adobe Reader

Adobe has substantiated that a 0-day flaw exists in its Reader application following its revelation during the end-week of July 2010 at the Las Vegas (US) held Black Hat security conference. If exploited the flaw can let attackers run malware on users' PCs by deceptively getting them to view booby-trapped files.

Principal security analyst Charlie Miller at Independent Security Evaluators is credited with revealing it. He says that the flaw is the result of an integer surplus inside the application during the parsing of fonts. Consequently, a very small scale of memory allocation takes place letting hackers to execute arbitrary malware on the host system. TheRegister published this on August 4, 2010.

Of the software which the vulnerability influences are Windows, Mac OS X and Unix.

Senior director of product security and privacy Brad Arkin at Adobe stated that security team members of the company heard Miller's speech and from that time had substantiated his declaration about the feasibility of executing remote code with the flaw. TheRegister published this.

Meanwhile, no reports have been obtained of the vulnerability getting exploited to serve malevolent purposes. Nevertheless, a patch is being prepared although Adobe isn't certain if it'll be released as an emergency patch or through its regular cycle of quarterly update.

Notably, the core aspect of the decision depends on finding out if Miller's talk provides sufficient information that'll enable the exploitation of the flaw within real-world attacks.

Said Arkin, indeed there were a few details in the screenshots and slides with regard to the crash details. And while the company assessed the right reaction, it would delve it and determine whether those details would be enough and in case so, the time it'd take for anyone to turn them into an attack, he added. Softpedia published this on August 4, 2010.

In the meantime, the security researchers, while remarking about the analyst's finding stated that it was the most recent for recording a security flaw in Adobe Reader. They added that the flaw placed end-users in danger of assaults, which could clandestinely plant malicious software capable of stealing sensitive information like passwords.

Related article: Adobe Rates Acrobat Vulnerabilities “Critical”

» SPAMfighter News - 8/12/2010