Adobe Patches Critical Reader, Acrobat Flaws

Users of the ultra-popular Adobe Reader and Acrobat applications should patch the software pronto to plug a highly critical vulnerability that could let attackers crash systems and inject malicious code into PCs and Macs.

InformationWeek Staff, Contributor

August 18, 2005


According to Adobe, the buffer overflow vulnerability lies within an unnamed core application plug-in that's part of both Acrobat and the free Reader. An attacker who creates a malicious PDF file and tricks a user into opening it could crash the app, and perhaps execute additional code to grab control of the machine.

Windows, Mac, Linux, and Solaris editions of Acrobat and Reader are vulnerable to the flaw, Adobe said in its security advisory. New versions of Acrobat and Reader have been posted on the Adobe download site, although current users can also update from within the applications.

Because Adobe Reader is present on about 90 percent of desktops -- the free viewer makes it possible to open, read, and print the PDF file format, a popular way to present documents on the Internet -- security vendors such as Secunia rated the vulnerability as "highly critical" and recommended that users update as soon as possible. U.S. CERT, the United States Computer Emergency Response Team, issued its own advisory and also advised users to "access PDF files from trusted or known sources [to reduce] the chances of exploitation."
