Peaches Posted May 13, 2009 Report Share Posted May 13, 2009 13 May 2009, 10:17Adobe closes critical Acrobat and Reader holes "As promised last week, Adobe has released security updates that patch several security flaws in its Adobe Reader and Acrobat products. The updates fix a recently announced critical buffer overflow in the JavaScript function getAnnots() that could be used by an attacker to crash either application and potentially allow them to take control of the affected system. For an attack to be successful the user must first open a specially crafted malicious PDF document. Version 9.1.1, 8.1.5 and 7.1.2 of Adobe Reader and Acrobat fix the problem.The UNIX version update closes a second hole in the JavaScript functionality where the customDictionaryOpen method can be manipulated to cause a denial of service or execute arbitrary code. Adobe Reader 9.1.1 for UNIX corrects the vulnerability.All users that have not yet updated, are advised to do so. The updates are available to download for Windows, Mac and UNIX."See also:Security Updates available for Adobe Reader and Acrobat, Adobe Security Bulletin.Buffer overflow issues in Adobe Reader and Acrobat, Adobe Security Bulletin.Demo exploits for new vulnerabilities in Adobe Reader, a report from The H.F-Secure advises against using Adobe Reader, a report from The H.Heise security - http://www.h-online.com/security/Adobe-clo...s--/news/113272 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.