Critical security announcements and previously undiscovered "zero-day" vulnerabilities are routine in the current computing environment, but the announcement of a flaw in Adobe's Acrobat Reader program is both surprising and unwelcome. John Stokdyk reports.
Adobe issued a security alert on Thursday 19 February warning that hackers had found a security hole in the program and were circulating corrupted PDFs that could give them remote access to infected computers.
IDG reported that malicious JavaScript routines can be created that swamp Acrobat's internal memory buffer. Once the vulnerability has been triggered, hackers can gain access to the infected computer to run malicious code. Further details are also available from the Shadowserver Foundation.
Zero-day flaws do not necessarily spell the end of civilisation as we know it, but Sophos senior security consultant Graham Cluley commented in his blog on the subject, "As PDF files are so widely used on the internet, and regularly exchanged to share information, there is an obvious concern that hackers may be quick to take advantage of this vulnerability."
Adobe said it expects to make a patch available for Adobe Reader 9 and Acrobat 9 by 11 March, with updates for versions 7 and 8 to follow.