Infosecurity - Adobe to issue out-of-band patch for latest vulnerability

The exploit for Adobe Reader and Acrobat unveiled by researcher Charlie Miller at last week’s Black Hat conference in Las Vegas has been confirmed by Adobe, which says it will issue an out-of-band patch for the exploit by mid-August.

Adobe acknowledged what it calls a “critical security” flaw, which causes an integer overflow error in the way the PDF reader parses fonts. Miller said this potential exploit can allow for remote code execution, a claim that has also been confirmed by security firm Secunia, which issued its own advisory.

This all has Adobe moving to fix the flaw quickly, as the company announced it would issue an out-of-band patch the week of August 16, ahead of its regularly scheduled quarterly update that was planned for mid-October.

The patch will update Adobe Reader 9.3.3 for Windows, Mac, and UNIX, in addition to Adobe Acrobat 9.3.3 for Windows and Mac. Also affected by the updates are Adobe Reader 8.2.3 and Adobe Acrobat 8.2.3, both for Windows and Mac.

A spokesperson for Adobe told Infosecurity that the company is not aware of any exploits in the wild concerning these vulnerabilities.

This article is featured in:
Application Security

Comment on this article

You must be registered and logged in to leave a comment about this article.

Share

Related Links

Top 5 Stories

News

Adobe to issue out-of-band patch for latest vulnerability

The exploit for Adobe Reader and Acrobat unveiled by researcher Charlie Miller at last week’s Black Hat conference in Las Vegas has been confirmed by Adobe, which says it will issue an out-of-band patch for the exploit by mid-August.

Comment on this article

Members' Login

Not a member?