Adobe issues alert over Acrobat bug

Acrobat and Acrobat Reader, two of the most widely used desktop applications, contain serious security flaws that could be used to take over a system, according to Adobe. The company urged users to update the software immediately.

Adobe Reader is Adobe’s tool for reading PDF (Portable Document Format) files, while Acrobat can also create PDF files and has other more advanced features. Affected are Reader and Acrobat versions 5.1, 6.0 to 6.0.3, and 7.0 to 7.0.2. Users can update to versions 5.2, 6.0.4 or 7.0.3 via the software’s built-in automatic update or via a manual download from Adobe’s site.

The bug is found in a core application plug-in found in both Acrobat and Reader, according to Adobe, and could be exploited by tricking the user into opening a malicious PDF file. Because PDFs can be embedded into web pages, such an attack wouldn’t necessarily require any user intervention. “If a malicious file were opened it could trigger a buffer overflow as the file is being loaded into Adobe Acrobat and Adobe Reader,” Adobe said in its advisory. “A buffer overflow can cause the application to crash and increase the risk of malicious code execution.”

US-CERT, the U.S. Computer Emergency Readiness Team, issued its own advisory on the flaw. FrSIRT, the French Security Incident Response Team, and independent security firm Secunia both assigned the bug highly critical ratings.

Network administrators may not have much leisure to patch — recently hackers have been taking less time to come up with worms that exploit known vulnerabilities in widely used software. A bug in Microsoft Windows Plug n Play, patched last Tuesday, quickly morphed into exploit code, and then into worms such as Zentob, which on Tuesday successfully disrupted systems at CNN, The New York Times, ABC and other large organizations in the U.S., Germany and Asia.

The bug went from disclosure to widespread worm attacks within a week, one of the fastest-developing security threats so far, security experts said.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now