Adobe 9.1 and Acrobat 9.1 to Fix Exploited Vulnerability
Article by George Norman
On 11 Mar 2009
Adobe has released an update for Adobe Reader 9.0 and Acrobat 9.0, software applications that were plagued by a zero-day security vulnerability that would allow a person with malicious intent to overwrite memory at an arbitrary location. The security holes, which McAfee reported were being exploited in the wild, albeit in a targeted manner, have been plugged with the release of Adobe Reader 9.1 and Acrobat 9.1.

Security Program Manager with Adobe, David Lenoe, comments: “Today, we posted the Adobe Reader 9.1 and Acrobat 9.1 update, which resolves the recent JBIG2 security issue (CVE-2009-0658), including the ‘no-click’ variant of the vulnerability. We encourage all Adobe Reader users to download and install the free Adobe Reader 9.1. We expect updates for Adobe Reader 7 and 8, and Acrobat 7 and 8, to be available by March 18. In addition, Adobe plans to make available Adobe Reader 9.1 for Unix by March 25.”

Advertising

It must be said that two means of exploiting the Adobe Reader and Acrobat security holes were detected: the first one is by getting people to download malformed PDF files, and while a specially-crafted embedded object would be parsed, the attacker managed to gain control of code execution; the second one was even more malicious in that it would exploit the vulnerability without actually getting the user to open a PDF file.

The US-CERT (United States Computer Emergency Readiness Team) explains: “When Adobe Reader is installed on a system, it adds an IFilter that allows applications such as the Windows Indexing Service to index PDF files. If the Windows Indexing Service processes a malicious PDF file stored on the system, the vulnerability can be exploited. Exploitation using this technique can require little to no user interaction. In addition to adding an IFilter, the Adobe Acrobat and Reader installation process adds a Windows Explorer Shell Extension. If Windows Explorer displays a folder that contains a malicious PDF file, the vulnerability can be exploited. Exploitation using this technique also requires little to no user interaction.”

If you would like to get Adobe Reader 9.1, a download location is available here.
If you would like to get Acrobat 9.1 Standard and Pro, a download location is available here.



Tags: Adobe, Adobe Reader, Adobe Acrobat, Security
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
By George Norman on 31 May 2017
Having lots of devices connected to your network and the internet isn't a problem, as long as you keep the bad guys out of the picture. That’s crucial, because they'll exploit any vulnerability that they can find.
By George Norman on 17 Jul 2017
If you want top notch protection for your Windows computer, you can’t go wrong by getting something developed by the internationally renowned security company Kaspersky Lab. The problem is that…
By George Norman on 26 Jul 2017
Top-notch real-time protection against viruses doesn’t have to cost money, not if you go with the recently introduced Kaspersky Free antivirus solution. It may not come with a lot of bells and whistles, but it nicely covers all the basics and...
By George Norman on 31 Jul 2017
Are people taking better care of their passwords, or have their password habits changed for the worse? To get an answer to that question, data loss prevention software company Digital Guardian surveyed a thousand people about their password security habits and found that...
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Adobe 9.1 and Acrobat 9.1 to Fix Exploited Vulnerability
HTML Linking Code