Adobe To Release Fix for Acrobat Security Hole

Adobe will shortly release an update to address a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that was first reported in November.

The security hole is caused by boundary errors in the newplayer() JavaScript method in multimedia.api that can cause a computer to execute arbitrary code when a user opens a modified PDF file. The module, according to Core Security Technologies, runs a malicious Web site and waits for a user to trigger the exploit by connecting to the Web site through the PDF.

Adobe said it had reports that the vulnerability was being actively exploited. The company said updates addressing the problem would be available Jan. 12, 2010.

In other Adobe security news, the company released security patches for Illustrator CS4 and CS3 Thursday. The updates for both Mac OS X and Windows operating systems are designed to address issues that could subject systems to "arbitrary code execution," according to information released by Adobe.

About the Author

Dian Schaffhauser is a writer who covers technology and business for a number of publications. Contact her at dian@dischaffhauser.com.

comments powered by Disqus

White Papers:

  • Make a Difference. No Compromise. PDF screen shot

    Printing solutions have become complicated. With new options and technology, such as MFP or CLOUD services, it is making short and long term printing decisions much more complicated. Read this whitepaper to learn about available printing solutions that offer low acquisition costs, low energy consumption and speedy print production. Read more...