Adobe 9.1 and Acrobat 9.1 to Fix Exploited Vulnerability
Adobe has released an update for Adobe Reader 9.0 and Acrobat 9.0, software applications that were plagued by a zero-day security vulnerability that would allow a person with malicious intent to overwrite memory at an arbitrary location. The security holes, which McAfee reported were being exploited in the wild, albeit in a targeted manner, have been plugged with the release of Adobe Reader 9.1 and Acrobat 9.1.
Security Program Manager with Adobe, David Lenoe, comments: “Today, we posted the Adobe Reader 9.1 and Acrobat 9.1 update, which resolves the recent JBIG2 security issue (CVE-2009-0658), including the ‘no-click’ variant of the vulnerability. We encourage all Adobe Reader users to download and install the free Adobe Reader 9.1. We expect updates for Adobe Reader 7 and 8, and Acrobat 7 and 8, to be available by March 18. In addition, Adobe plans to make available Adobe Reader 9.1 for Unix by March 25.”
It must be said that two means of exploiting the Adobe Reader and Acrobat security holes were detected: the first one is by getting people to download malformed PDF files, and while a specially-crafted embedded object would be parsed, the attacker managed to gain control of code execution; the second one was even more malicious in that it would exploit the vulnerability without actually getting the user to open a PDF file.
The US-CERT (United States Computer Emergency Readiness Team) explains: “When Adobe Reader is installed on a system, it adds an IFilter that allows applications such as the Windows Indexing Service to index PDF files. If the Windows Indexing Service processes a malicious PDF file stored on the system, the vulnerability can be exploited. Exploitation using this technique can require little to no user interaction. In addition to adding an IFilter, the Adobe Acrobat and Reader installation process adds a Windows Explorer Shell Extension. If Windows Explorer displays a folder that contains a malicious PDF file, the vulnerability can be exploited. Exploitation using this technique also requires little to no user interaction.”
If you would like to get Adobe Reader 9.1, a download location is available here.
If you would like to get Acrobat 9.1 Standard and Pro, a download location is available here.
Tags: Adobe, Adobe Reader, Adobe Acrobat, Security
Security Program Manager with Adobe, David Lenoe, comments: “Today, we posted the Adobe Reader 9.1 and Acrobat 9.1 update, which resolves the recent JBIG2 security issue (CVE-2009-0658), including the ‘no-click’ variant of the vulnerability. We encourage all Adobe Reader users to download and install the free Adobe Reader 9.1. We expect updates for Adobe Reader 7 and 8, and Acrobat 7 and 8, to be available by March 18. In addition, Adobe plans to make available Adobe Reader 9.1 for Unix by March 25.”
Advertising
It must be said that two means of exploiting the Adobe Reader and Acrobat security holes were detected: the first one is by getting people to download malformed PDF files, and while a specially-crafted embedded object would be parsed, the attacker managed to gain control of code execution; the second one was even more malicious in that it would exploit the vulnerability without actually getting the user to open a PDF file.
The US-CERT (United States Computer Emergency Readiness Team) explains: “When Adobe Reader is installed on a system, it adds an IFilter that allows applications such as the Windows Indexing Service to index PDF files. If the Windows Indexing Service processes a malicious PDF file stored on the system, the vulnerability can be exploited. Exploitation using this technique can require little to no user interaction. In addition to adding an IFilter, the Adobe Acrobat and Reader installation process adds a Windows Explorer Shell Extension. If Windows Explorer displays a folder that contains a malicious PDF file, the vulnerability can be exploited. Exploitation using this technique also requires little to no user interaction.”
If you would like to get Adobe Reader 9.1, a download location is available here.
If you would like to get Acrobat 9.1 Standard and Pro, a download location is available here.
Tags: Adobe, Adobe Reader, Adobe Acrobat, Security
I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 10 Feb 2012
With the release of Wolfram|Alpha Pro, the team behind the popular computational knowledge engine took a very big step forward
By George Norman on 10 Feb 2012
Microsoft has just announced that this February, as part of the Patch Tuesday program, it will roll out a grand total of 9 security bulletins to all customers all over the world.Related News
By George Norman on 09 Sep 2011
Adobe, California-based company that specializes in creating multimedia and creativity software products supports its products for a time period of five years. The company announced yesterday
By George Norman on 05 Jan 2012
This is proof that there are a lot of threats on the web and the perfect example of why you should use a properly good security solution to secure your data against viruses and other malware
By George Norman on 28 Nov 2011
Back in August we were reporting that Avast has a grand total of 160 million registered Avast! Free Antivirus Users. Fabricia from Brazil, the 160 millionth user to register the free antivirus product was rewarded with
By George Norman on 19 Oct 2011
Adobe, California-based company that specializes in creating multimedia and creativity software products, announced earlier this week that it released Adobe Reader version 10.1 for the Apple-developed iOS operating system and for the Google-developed Android operating systemAdvertising
Hot Software Updates
Top Downloads
2.
Opera5.
Trillian8.
AIM9.
Skype10.
Ad-Aware12.
Nero13.
Google Earth14.
Picasa15.
Winamp16.
iTunes17.
RealPlayer18.
uTorrent19.
eMule20.
WinRAR21.
BitComet22.
WinZip23.
Shareaza24.
CCleaner25.
Recuva26.
Tweak UI27.
CuteFTP Home29.
Adobe Reader30.
NewsPiperBecome A Fan!
Link To Us!
Adobe 9.1 and Acrobat 9.1 to Fix Exploited Vulnerability
HTML Linking Code
HTML Linking Code