Adobe warns of zero-day bug in Illustrator

For change, then, Adobe itself has announced it has discovered a flaw in its Illustrator software that could - in theory at least - allow an attacker to execute malicious code on a user's system.

In a blog posting, David Lenoe, an application developer with Adobe, said Adobe is working on the security flaw.

In a posting made late Thursday, Lenoe said that Adobe is aware of a report of a potential security vulnerability in Adobe Illustrator CS4 and is currently investigating the issue.

Late on Friday (UK time) Lenoe updated his blog saying that the vulnerability affects Adobe Illustrator CS3 and CS4 on the Windows and Macintosh platforms.

"We expect to publish a Security Advisory on 7 December with further information, including a schedule for an update to resolve the issue", he said.

"As previously reported, a successful exploit of the vulnerability would require a local user to take the action of opening a malicious opening .eps files from unknown sources in Illustrator until a patch is available", he added.

Infosecurity notes that this security flaw is potentially very serious as a proof-of-concept malware has already been posted to the Altervista hacker portal.

What’s hot on Infosecurity Magazine?