Adobe To Release Fix for Acrobat Security Hole

Adobe will shortly release an update to address a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that was first reported in November.

The security hole is caused by boundary errors in the newplayer() JavaScript method in multimedia.api that can cause a computer to execute arbitrary code when a user opens a modified PDF file. The module, according to Core Security Technologies, runs a malicious Web site and waits for a user to trigger the exploit by connecting to the Web site through the PDF.

Adobe said it had reports that the vulnerability was being actively exploited. The company said updates addressing the problem would be available Jan. 12, 2010.

In other Adobe security news, the company released security patches for Illustrator CS4 and CS3 Thursday. The updates for both Mac OS X and Windows operating systems are designed to address issues that could subject systems to "arbitrary code execution," according to information released by Adobe.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • businessman holding tablet with holographic AI icons

    Google Moving AI Agents into Mainstream Product Portfolio

    At its recent I/O developer conference, Google positioned artificial intelligence agents not as a distant research project, but as a product strategy spanning Search, personal assistants, productivity software, developer tools, and smart glasses.

  • person typing on a touch screen schedule plan calendar

    Deadline Extended for ADA Title II Compliance

    Schools working to meet the Americans with Disabilities Act Title II regulations for digital accessibility have received a temporary reprieve: The United States Department of Justice has published an interim final rule to push back the compliance deadline by one year.

  • Digital tablet displaying abstract glowing light patterns and data streams

    McGraw Hill, T-Mobile Partnership Pairs Digital Learning Tools with 5G-Enabled Tablets

    In an effort to help schools bridge the digital divide, McGraw Hill and T-Mobile have teamed up to provide an integrated solution that combine's the former's digital learning tools with 5G-enabled devices powered by T-Mobile's 5G network.

  • abstract cybersecurity data protection

    Rubrik Announces Google Workspace Data Protection

    Rubrik has introduced Rubrik Data Protection for Google Workspace, a product the company said is designed to help enterprise customers protect data and restore operations across Google Workspace environments.