Adobe Reader Security Flaw Plagues Windows and Mac Users Alike

Article by George Norman (Cybersecurity Editor)

on 24 Feb 2009

Since Adobe’s product suite is steadily but surely turning into a very complex piece of software, it only comes as a given they will also be plagued by more problems, such as security vulnerabilities. Adobe Acrobat and Adobe Reader are vulnerable to a zero-day exploit, but that is not the most worrisome aspect of the situation. The thing that should have us all worried is the fact that this security hole is being exploited by people with malicious intent. The software developer has yet to issue a patch, stating that a fix will be made available in the following weeks.

“In parsing a specially-crafted embedded object, a bug in the reader allowed the attacker to overwrite memory at an arbitrary location. The attacks, found in the field, use the infamous heap spray method via JavaScript to achieve control of code execution. While the distribution of this exploit thus far appears to be targeted, new variants are expected as more information is made public. As with the Conficker experience, the lack of good patch management is a very worrying trend that deserves more attention from IT security practitioners. Adobe is expected to release a patch very soon,” explained security researcher with McAfee, Geok Meng Ong.

Adobe officials have stated that a patch for Adobe Acrobat 9 and Adobe Reader 9 will be issued as of March 11. People using older versions of these software applications will have to wait even longer than that for a fix. The problem is that with a security flaw that could allow someone to take complete control of your machine, that is a long time to wait with a vulnerable system.

According to The Shadowserver Foundation, the organization that discovered the security flaw, the number of exploits has increased considerably lately – mainly after the issue has been publicly disclosed. Security vendor Symantec says that initially it only tracked about 100 attacks, but that number is a thing of the past now. Sourcefire Inc., upon analyzing their database revealed one other worrisome problem: the security flaws have been exploited for 6 weeks now (since January, 2009).

Until the issue is addressed, you are well advised to keep your security software up-to-date, open PDF files that come from trustworthy sources only, and disable JavaScript within Adobe software. Alternatively you might do away with Adobe Reader by using Gmail PDF Viewer or by converting PDF files online for free.


Latest News


Sony's 'Attack of the Blockbusters Sale' Slashes Prices in Half for a Ton of PS4 Games

17 Aug 2017

How Samsung's New T5 Compares to the Old T3 Portable SSD (Infographic)

17 Aug 2017

See all