Adobe confirms critical flaw in Reader and Acrobat

Affects current and earlier versions.

A critical flaw in Adobe Reader and Acrobat that was disclosed last week at the Black Hat Conference in Las Vegas could allow an attacker to compromise a user's system.

The flaw, which is caused by an integer overflow error in the way the PDF viewer parses fonts, was disclosed by Charlie Miller, principal security analyst at consulting firm Independent Security Evaluators. The vulnerability can be exploited by an attacker to corrupt memory via a specially crafted PDF file, according to an advisory from security firm Secunia. If exploited successfully, the flaw could allow an attacker to execute arbitrary code on an affected system.
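The article names the bug class (an integer overflow in length arithmetic while parsing font data) without showing what that looks like in code. The following is an added illustration, not Adobe's code and not the actual flaw: a constructed "font table" header whose record count and record size are both attacker-controlled, with the unchecked size computation beside a hardened one. The struct, field names and limits are assumptions for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Constructed stand-in for a font table header read straight from a
 * file: both fields are untrusted. This is not a real PDF/font format. */
typedef struct {
    uint32_t count;        /* number of records the file claims */
    uint32_t record_size;  /* bytes per record the file claims */
} table_header;

/* Unchecked: count * record_size is evaluated in 32-bit unsigned
 * arithmetic and wraps, so a later allocation of `*out` bytes is far
 * smaller than the `count` records a parsing loop would then copy in. */
static uint32_t table_size_unchecked(const table_header *h) {
    return h->count * h->record_size;
}

/* Hardened: reject a zero record size, reject any count whose product
 * would not fit in 32 bits, and cap the result at the space actually
 * available for the table. Returns false on any rejection. */
static bool table_size_checked(const table_header *h, size_t available,
                               uint32_t *out) {
    if (h->record_size == 0) {
        return false;
    }
    if (h->count > UINT32_MAX / h->record_size) {
        return false;  /* multiplication would overflow */
    }
    uint32_t total = h->count * h->record_size;
    if (total > available) {
        return false;  /* table larger than the data we hold */
    }
    *out = total;
    return true;
}

/* Constructed malicious header: 0x40000000 records of 4 bytes each.
 * 0x40000000 * 4 == 2^32, which wraps to 0 in uint32_t arithmetic. */
static const table_header k_wrapping_header = { 0x40000000u, 4u };

/* Constructed benign header: 16 records of 4 bytes each (64 bytes). */
static const table_header k_benign_header = { 16u, 4u };

/* Demonstration helpers returning the values the example is about. */
uint32_t demo_wrapped_size(void) {
    return table_size_unchecked(&k_wrapping_header);  /* 0 after wrap */
}

bool demo_rejects_wrap(void) {
    uint32_t n = 0;
    return !table_size_checked(&k_wrapping_header, 1024, &n);
}

uint32_t demo_valid_size(void) {
    uint32_t n = 0;
    if (!table_size_checked(&k_benign_header, 1024, &n)) {
        return 0;
    }
    return n;  /* 64 */
}
```

The hardened path is the one to look for in a code review of any parser that multiplies file-supplied counts and sizes: the division-based bound check happens before the multiplication, and the result is compared against the bytes actually present rather than trusted as the allocation size.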

“We are aware of the vulnerability reported by Charlie Miller at Black Hat and are in the process of developing a patch,” Adobe said in a statement.

Adobe is currently evaluating whether to distribute a fix for the vulnerability as part of its next quarterly update for Adobe Reader and Acrobat, scheduled for October 12, or as an “out-of-band” security update.

The vulnerability affects the current version of the software, Adobe Reader 9.3.3, and earlier versions for Windows, Macintosh and UNIX, Adobe said. It also affects Adobe Acrobat 9.3.3 and earlier versions for Windows and Macintosh. There are no reports of the bug being exploited in the wild.

Meanwhile, a similar flaw affecting the mobile version of Apple's Safari browser is being exploited to jailbreak the latest iPhone, according to security researchers. The exploit, which is available at jailbreakme.com, makes use of two unique vulnerabilities, including a PDF font parsing vulnerability in Mobile Safari, to jailbreak the iPhone 4, thereby allowing users to install unapproved applications.

While the jailbreak hack is non-malicious, researchers warned that an attacker could potentially exploit the underlying vulnerabilities for more malicious purposes.

An Apple spokeswoman told SCMagazineUS.com that the company is aware of the issue.

“We have already developed a fix and it will be available to customers in an upcoming software update,” she said.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition