Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Adobe has issued an emergency fix for Reader and Acrobat to address a "critical flaw", first disclosed at the Black Hat conference in Las Vegas, that could allow an attacker to compromise a user's system.The updates, Adobe Reader and Acrobat versions 9.3.4 and 8.2.4, fix an integer overflow error in the way the PDF viewer parses fonts. The vulnerability could allow an attacker to execute arbitrary code on an affected system, according to Adobe's security bulletin. The flaw was disclosed by Charlie Miller, principal security analyst at consulting firm Independent Security Evaluators, during a Black Hat presentation. The bug can be exploited by an attacker to corrupt memory via a specially crafted PDF file, according to an advisory from security firm Secunia. The vulnerability affects Adobe Reader 9.3.3 and earlier versions for Windows, Macintosh and UNIX, along with Adobe Acrobat 9.3.3 and earlier versions for Windows and Macintosh. Adobe was considering releasing the fix during its normal quarterly cycle in October, but decided otherwise, even though there are no reported exploits. Additionally, six Flash Player vulnerabilities, listed as "critical," were fixed in the code included Reader and Acrobat updates. The vulnerabilities, which were fixed in Flash Player itself last week, could be exploited by an attacker to crash the multimedia application or take control of a user's system. Reader and Acrobat ship with Flash Player code, so typically when there is an update to Flash, Adobe needs to make the same updates to the code in Reader and Acrobat, a company spokeswoman told SCMagazineUS.com in an email. Flash Player is not affected by vulnerabilities in Reader and Acrobat. Only Reader and Acrobat are affected by certain vulnerabilities in Flash Player, the spokeswoman said. Adobe is scheduled to release the next quarterly security updates for Reader and Acrobat on October 12.See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.