PDF reader flaw fixed

Adobe has patched two flaws, including a critical vulnerability that could put users at risk of attack

Adobe Systems joined Microsoft on “Patch Tuesday” and delivered fixes for two security flaws in the ubiquitous Adobe PDF reader software.

The vulnerabilities affect Adobe’s Acrobat and Reader software for both the Windows operating system and Apple’s Mac OS, Adobe said in two separate security advisories. If left unpatched, the flaws could put Windows and Mac users at risk of a cyberattack.

Adobe’s fixes came on the same day that Microsoft issued seven security bulletins with updates to repair 18 vulnerabilities in Windows and Office, including what security experts deem a dangerous Windows worm hole.

The most serious of the two Adobe flaws is a “buffer overflow” vulnerability that affects Adobe Acrobat 6.0.4 and earlier for both Windows and Mac OS, Adobe said. The company categorises this as a “critical” update and recommends computer users update to version 6.0.5.

An attacker could exploit the vulnerability by crafting a malicious PDF (Portable Document Format) file. Opening that file could cause a complete compromise of the vulnerable PC or cause Acrobat to crash.

Full story: ZDNet UK