Adobe issues security fixes for Reader and Acrobat
Vulnerabilities in Adobe Reader and Acrobat could allow an attacker to take over affected systems
- By Rutrell Yasin
- Jan 14, 2010
Adobe has released a patch to fix vulnerabilities in Adobe Reader and Acrobat that could allow an attacker to crash or take control of affected systems.
The vulnerabilities could allow a remote attacker to do a number of things, including executing code, writing files to the system or causing a denial of service, according to an alert issued Jan. 13 by the U.S. Computer Emergency Readiness Team’s National Cyber Alert System. Opening a PDF document with the malicious code in it would trigger the attack.
The vulnerabilities affect Adobe Reader 9.2 and Acrobat 9.2 for Windows, Macintosh and UNIX, and Adobe Reader 8.1.7 and Acrobat 8.1.7 for Windows and Macintosh.
Adobe Reader and the Adobe Acrobat family of software are designed to create, view, and edit Portable Document Format files. Adobe Reader is widely deployed, and the Acrobat Reader Plug-In displays a PDF inside a Web browser.
Some of these vulnerabilities are being actively exploited, the US-CERT alert states.
“While I have not seen any exploits on our network, many exploits have been reliably reported in the wild,” said Andrew Storms, director of security at nCircle, a provider of automated security and compliance solutions. The company also provides risk management services to users, keeping them abreast of the latest application vulnerabilities.
“We should expect that these exploits will continue to be effective for quite some time simply because Adobe's installed base is so large that it will take a while before everyone has the update installed,” he said.
“Once considered the safest document format, Adobe PDF has fallen prey to a rash of serious security threats,” Storms said.
The vulnerabilities have been addressed in Adobe Reader 9.3 and 8.2, Adobe officials said.
Adobe recommends that users of Adobe Reader 9.2 and Acrobat 9.2 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3 and Acrobat 9.3. Adobe recommends that users of Acrobat 8.1.7 and earlier versions for Windows and Macintosh update to Acrobat 8.2.
For Adobe Reader users on Windows and Macintosh who cannot update to Adobe Reader 9.3, Adobe has provided the Adobe Reader 8.2 update. The company has also offered advice for lessening the risk of such attacks.
Rutrell Yasin is a freelance technology writer for GCN.