Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Adobe Patches Multiple Bugs in PDF

After admitting a serious flaw in its well-known Acrobat and Reader software, Adobe a week later patched multiple bugs to prevent attackers from loading malicious code on reliable PDF documents to capture control of PCs.

In an advisory Adobe said the flaws affected Adobe Reader and Adobe Acrobat Standard Elements and Professional version 7.0.8 and previous ones, as well as Adobe Acrobat 3D. Secunia rated the Reader vulnerability as "highly critical".

Adobe issued the version 7.0.9 updates on January 9, 2007 that would handle security gaps to stop outsiders from exploiting them and accessing hard disk drives. The attackers achieve this by planting malicious links in PDF files running on exposed computers.

In a posting on its website Adobe urges users of Adobe Reader to update to the latest version, Reader 8. For users of Adobe 7 who wish to maintain their current version can go by the instructions given in the bulletin. Adobe also outlined recommendations for servers that host Adobe website and operators of the site.

The updates came after two Italian security researchers discussed vulnerability in Open Parameters feature in Adobe Reader. The flaw could enable distant attackers to plant arbitrary JavaScript into a browser. Concerns grew after the discovery because the flaw was easy to exploit for launching an attack with the use of PDF files being hosted on a website.

Version 7.0.9 also fixes an earlier unknown hole that researcher Piotr Bania working independently has made open. Attackers can exploit this vulnerability to inject and run malware in the Windows and Linux versions of Reader 7.0.8 and previous versions, through PDF files.

Bania has, however, not demonstrated the exploit because he thinks the flaw is too severe and makes undesirable effects.

Updates for Windows, Linux, and Mac OS X versions of the 7.0.9 Acrobat and Reader are available on the Adobe Web site for download. Users of Mac OS X who want to upgrade from 7.0.8 can avail another patch without the need to download and install the entire applications.

Adobe Acrobat and Adobe Reader 6.x, vulnerable to cross-site scripting flaw will soon have updates, said a company spokesman.

Related article: Adobe Rates Acrobat Vulnerabilities “Critical”

» SPAMfighter News - 1/16/2007

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page