Home > slashdot > Adobe Finally Fixes Remote Launch 0-Day

Adobe Finally Fixes Remote Launch 0-Day

June 29th, 2010 06:41 admin Leave a comment Go to comments

Trailrunner7 sends in this excerpt from Threatpost (Adobe announcement here): “Adobe today shipped a critical Reader/Acrobat patch to cover a total of 17 documented vulnerabilities that expose Windows, Mac, and Unix users to malicious hacker attacks. The update, which affects Adobe Reader/Acrobat 9.3.2 and earlier versions, includes a fix for the outstanding PDF ‘/Launch’ functionality social engineering attack vector that was disclosed by researcher Didier Stevens. As previously reported, Didier created a proof-of-concept PDF file that executes an embedded executable without exploiting any security vulnerabilities. The PDF hack, when combined with clever social engineering techniques, could potentially allow code execution attacks if a user simply opens a rigged PDF file.” Relatedly, Brian Krebs blogs about the downsides of Adobe’s increasingly Byzantine update process.

Source: Adobe Finally Fixes Remote Launch 0-Day

Related Articles:

  1. New Method Could Hide Malware In PDFs, No Further Exploits Needed
  2. Adobe Warns of Critical Zero Day Vulnerability
  3. New Adobe Flash 0-Day
  4. Adobe Warns of Reader, Acrobat Attack
  5. Adobe Warns of Flash, PDF Zero-Day Attacks
blog comments powered by Disqus