Adobe to patch exploited Acrobat flaw

~~Engineer Babar~~ · 10-14-2009, 10:43 AM

Software firm Adobe announced on Thursday that the company plans to plug a critical security hole in its Acrobat and Reader software, a hole which is currently being used to compromise PCs.

Calling the attacks "limited," the company stated in a blog post(http://blogs.adobe.com/psirt/2009/10...t_issue_1.html) that the current exploit can be blocked by disabling Javascript or, for Windows Vista users, if data-execution protection (DEP) is turned on. The vulnerability will be fixed as past of Adobe's regularly quarterly update scheduled for Tuesday, October 13, the company said.

"There are reports that this issue is being exploited in the wild in limited targeted attacks," the company said on its Product Security Incident Response Team (PSIRT) blog "The exploit targets Adobe Reader and Acrobat 9.1.3 on Windows."

In May, Adobe moved to a quarterly patch schedule for its popular Adobe Acrobat and Reader software, citing criticism from security researchers. Yet, despite the fact that attackers are increasingly targeting popular third-party applications, such as Adobe's, companies are less quick to patch issues in the software, compared to fixing flaws in core operating system components, according to a report published last month.

In its latest advisory, Adobe credits Chia-Ching Fang and the Information and Communication Security Technology Center in Taiwan with helping disclose the vulnerability.

http://www.securityfocus.com/brief/1022

10-14-2009, 10:43 AM	#1 (permalink)
~~Engineer Babar~~ Troubled Join Date: Jul 2009 Posts: 720 OS: xp home 2006 sp2	Adobe to patch exploited Acrobat flaw Software firm Adobe announced on Thursday that the company plans to plug a critical security hole in its Acrobat and Reader software, a hole which is currently being used to compromise PCs. Calling the attacks "limited," the company stated in a blog post(http://blogs.adobe.com/psirt/2009/10...t_issue_1.html) that the current exploit can be blocked by disabling Javascript or, for Windows Vista users, if data-execution protection (DEP) is turned on. The vulnerability will be fixed as past of Adobe's regularly quarterly update scheduled for Tuesday, October 13, the company said. "There are reports that this issue is being exploited in the wild in limited targeted attacks," the company said on its Product Security Incident Response Team (PSIRT) blog "The exploit targets Adobe Reader and Acrobat 9.1.3 on Windows." In May, Adobe moved to a quarterly patch schedule for its popular Adobe Acrobat and Reader software, citing criticism from security researchers. Yet, despite the fact that attackers are increasingly targeting popular third-party applications, such as Adobe's, companies are less quick to patch issues in the software, compared to fixing flaws in core operating system components, according to a report published last month. In its latest advisory, Adobe credits Chia-Ching Fang and the Information and Communication Security Technology Center in Taiwan with helping disclose the vulnerability. http://www.securityfocus.com/brief/1022