Save content
Have you found this content useful? Use the button above to save it to your profile.
AIA

Virus alert: Zero-day flaw found in Adobe Acrobat

by
20th Feb 2009
Save content
Have you found this content useful? Use the button above to save it to your profile.

Critical security announcements and previously undiscovered "zero-day" vulnerabilities are routine in the current computing environment, but the announcement of a flaw in Adobe's Acrobat Reader program is both surprising, and unwelcome. John Stokdyk reports

Adobe issued a security alert on Thursday 19 February warning that hackers had found a security hole in the program and were circulating corrupted PDFs that could give them remote access to infected computers.

IDG reported that malicious JavaScript routines can be created that swamp Acrobat's internal memory buffer. Once the vulnerability has been triggered, hackers can gain access to the infected computer to run malicious code. Further details are also available from the Shadowserver Foundation.

Zero-day flaws do not necessarily spell the end of civilisation as we know it, but Sophos senior security consultant Graham Cluley commented in his blog on the subject, "As PDF files are so widely used on the internet, and regularly exchanged to share information, there is an obvious concern that hackers may be quick to take advantage of this vulnerability."

Adobe said it expects to make available a patch available for Adobe Reader 9 and Acrobat 9 by 11 March, with updates for versions 7 and 8 to follow.

Tags:

Replies (1)

Please login or register to join the discussion.

John Stokdyk, AccountingWEB head of insight
By John Stokdyk
25th Feb 2009 18:22

Patch update published
An updated Adobe security bulletin provided a bit more detail about the vulnerability, which affected Adobe Flash Player 10.0.12.36 and earlier versions.

Adobe has also developed a patched version of Flash Player 9, Flash Player 9.0.159.0.

John Stokdyk
Technology editor
AccountingWEB.co.uk

Thanks (0)