October 14th, 2009
Adobe joins Patch Tuesday barrage: 29 PDF security flaws
Adobe joined Microsoft’s Patch Tuesday barrage this week with the release of a monster update to fix 29 documented security vulnerabilites in the Adobe Reader and Acrobat software products.
The vulnerabilities, rated “critical,” patches code execution holes that can be exploited my malicious hackers to take complete control of an affected system. At least one of the vulnerabilities has already been exploited in the wild.
[ SEE: New Adobe PDF flaw under attack ]
From Adobe’s bulletin:
Critical vulnerabilities have been identified in Adobe Reader 9.1.3 and Acrobat 9.1.3, Adobe Reader 8.1.6 and Acrobat 8.1.6 for Windows, Macintosh and UNIX, and Adobe Reader 7.1.3 and Acrobat 7.1.3 for Windows and Macintosh. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system. This update represents the second quarterly security update for Adobe Reader and Acrobat.
Adobe recommends users of Adobe Reader 9.1.3 and Acrobat 9.1.3 and earlier versions update to Adobe Reader 9.2 and Acrobat 9.2. Adobe recommends users of Acrobat 8.1.6 and earlier versions update to Acrobat 8.1.7, and users of Acrobat 7.1.3 and earlier versions update to Acrobat 7.1.4. For Adobe Reader users who cannot update to Adobe Reader 9.2, Adobe has provided the Adobe Reader 8.1.7 and Adobe Reader 7.1.4 updates. Updates apply to all platforms: Windows, Macintosh and UNIX.
Affected software versions include Adobe Reader 9.1.3 and earlier versions for Windows, Macintosh, and UNIX; and Adobe Acrobat 9.1.3 and earlier versions for Windows and Macintosh.
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
