Zero-day flaw Discovered in Acrobat and Adobe Reader

Adobe has recently issued a security alert about a new zero-day flaw in the famous PDF view Adobe Reader and Acrobat.

As per the warning, the critical vulnerability is present in Adobe Reader 9.3.4 and earlier for Windows, Macintosh and Unix systems. It is also present in Adobe Acrobat versions 9.3.4 and previous versions of Windows and Macintosh.

The warning also claims that this vulnerability could result in a crash and potentiality enable a hacker to control the affected system.

Security firm Secunia issued an "Extremely Critical" advisory. The firm described the flaw as presently in the wild and exploited by malware Adobe Reader, as per the news by pcr-online.biz on September 9, 2010.

Adobe did not reveal technical details about the flaw, but the advisory released by Secunia stated that the issue emanated due to "a boundary error within the font parsing in CoolType.dll. The flaw could be exploited to launch stack-based buffer overflow attacks by deceiving users into viewing a specially designed PDF file, as per the reports by eweek.com on September 8, 2010.

The security experts opined that the vulnerability is the newest in a string of exploits from malware creators which usually exploit the face that Adobe Reader is often installed on systems as a browser plug-in which provides a route to circumvent browser security measures.

Adobe authorities have not given any timeline for when a patch would be available, but assured that the firm would continue to provide users with updated details.

As per Adobe, they have been working to improve the security of its applications after coming under sustained attack from malware authors. Adobe is vigorously exchanging information about this flaw and other vulnerabilities with partners in the security community so that they quickly develop detection and quarantine methods to safeguard users until a patch is available.

Adobe has advised users to lay emphasis on security best practices by using updated anti-malware software. The users are also recommended not to open unfamiliar files.

Related article: Zero-day Flaw in Internet Explorer Revealed

» SPAMfighter News - 9/17/2010