Adobe Reader Security Flaw Plagues Windows and Mac Users Alike
Article by George Norman
On 24 Feb 2009
Since Adobe’s product suite is steadily but surely turning into a very complex piece of software, it only comes as a given they will also be plagued by more problems, such as security vulnerabilities. Adobe Acrobat and Adobe Reader are vulnerable to a zero-day exploit, but that is not the most worrisome aspect of the situation. The thing that should have us all worried is the fact that this security hole is being exploited by people with malicious intent. The software developer has yet to issue a patch, stating that a fix will be made available in the following weeks.

“In parsing a specially-crafted embedded object, a bug in the reader allowed the attacker to overwrite memory at an arbitrary location. The attacks, found in the field, use the infamous heap spray method via JavaScript to achieve control of code execution. While the distribution of this exploit thus far appears to be targeted, new variants are expected as more information is made public. As with the Conficker experience, the lack of good patch management is a very worrying trend that deserves more attention from IT security practitioners. Adobe is expected to release a patch very soon,” explained security researcher with McAfee, Geok Meng Ong.


Adobe officials have stated that a patch for Adobe Acrobat 9 and Adobe Reader 9 will be issued as of March 11. People using older versions of these software applications will have to wait even longer than that for a fix. The problem is that with a security flaw that could allow someone to take complete control of your machine, that is a long time to wait with a vulnerable system.

According to The Shadowserver Foundation, the organization that discovered the security flaw, the number of exploits has increased considerably lately – mainly after the issue has been publicly disclosed. Security vendor Symantec says that initially it only tracked about 100 attacks, but that number is a thing of the past now. Sourcefire Inc., upon analyzing their database revealed one other worrisome problem: the security flaws have been exploited for 6 weeks now (since January, 2009).

Until the issue is addressed, you are well advised to keep your security software up-to-date, open PDF files that come from trustworthy sources only, and disable JavaScript within Adobe software. Alternatively you might do away with Adobe Reader by using Gmail PDF Viewer or by converting PDF files online for free.

Tags: Adobe Acrobat , Adobe Reader
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Adobe Reader Security Flaw Plagues Windows and Mac Users Alike
HTML Linking Code