Adobe has confirmed a dangerous vulnerability affecting the latest versions of Reader and Acrobat.

The unpatched flaw, which is being leveraged in active attacks, could be targeted to crash a user's machine or take complete control of it, according to an advisory. The bug affects Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX and Acrobat 9.3.4 and earlier versions for Windows and Mac.

The issue was first reported by researcher Mila Parkour, who runs the Contagio Malware Dump blog. She discovered the flaw through a phishing email that contained a malicious PDF attachment, Parkour wrote.

The subject of the bogus message read "David Leadbetter's One Point Lesson", and the body tried to persuade recipients to open the malicious PDF to receive tips from the well-known golf instructor.

Writing on the SANS Internet Storm Center blog, incident handler John Bambenek said a number of anti-virus products have caught the exploit because the PDF looks suspicious. And if it does get through to inboxes, users should be able to act before their machines get infected, he said.

"The exploit in the wild I'm aware of causes a crash in Acrobat/Reader and then tries to open a decoy file," Bambenek wrote. "So the good news is that, as of right now, it's a 'loud' exploit."

Vulnerability tracking firm Secunia graded the flaw "extremely critical" — its most severe rating — and said it is "caused due to a boundary error within the font parsing of CoolType.dll and can be exploited to cause a stack-based buffer overflow." CoolType.dll is a component of Adobe CoolType, a font-rendering technology.

See original article on scmagazineus.com