iTnews
  • Home
  • News
  • Technology
  • Security

Adobe warns of PDF threat

By Shaun Nichols
Feb 23 2009 3:38PM
Follow google news

Users are being urged to use caution when handling PDF files following the discovery and subsequent attack of a flaw in Adobe software.

The company said that it had received reports of attacks targeting a previously unknown flaw in both Adobe Reader and Acrobat.

When exploited, the flaw allows an attacker to remotely execute code on a targeted system.

The issue is believed to effect version nine and earlier of both Acrobat and Reader. According to security firm Shadowserver, the vulnerability exists in the way both programs handle JavaScript within PDF files.

The infected files trigger a memory buffer overflow, which in turn allows the attacker to remotely execute code on the targeted system.

"Right now we believe these files are only being used in a smaller set of targeted attacks," wrote researcher Steven Adair.

"However, these types of attacks are frequently the most damaging and it is only a matter of time before this exploit ends up in every exploit pack on the internet".

Adobe said that users should expect to see a fix for the vulnerability by March 11.

In the meantime, researchers at both Shadowserver and the US Computer Emergency Response Team recommend that users disable the ability for documents to execute Javascript code in both Acrobat and Reader through the application's preference panel.

Adobe warns of PDF threat

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
acrobatadobeattacksbothcodeexecutesecurity

Related Articles

  • US gov shortens cyber fix window to three days US gov shortens cyber fix window to three days
  • Anthropic releases Mythos-class model for public use Anthropic releases Mythos-class model for public use
  • Apple bumps up security in fresh operating system releases Apple bumps up security in fresh operating system releases
  • Meta accuses NSO Group of violating court order by WhatsApp spear phishing Meta accuses NSO Group of violating court order by WhatsApp spear phishing
Join our WhatsApp Channel

Partner Content

From test case to control tower: How DXC and ServiceNow are governing enterprise AI at scale
Promoted Content From test case to control tower: How DXC and ServiceNow are governing enterprise AI at scale
Thomas Peer Solutions unveils data cloud platform and executive leadership forum for 2026
Partner Content Thomas Peer Solutions unveils data cloud platform and executive leadership forum for 2026
CommBank creates opportunities for technologists to upskill with frontier AI companies
Partner Content CommBank creates opportunities for technologists to upskill with frontier AI companies
Onel Consulting Strengthens Its White-Glove Services With Strategic COO Appointment
Promoted Content Onel Consulting Strengthens Its White-Glove Services With Strategic COO Appointment

Sponsored Whitepapers

When cyber risk has no clear owner: A practical guide for senior Australian business leaders
When cyber risk has no clear owner: A practical guide for senior Australian business leaders
Agile in the AI Era: why projects still fail
Agile in the AI Era: why projects still fail
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
High-volume data sources for AI-driven security analytics
High-volume data sources for AI-driven security analytics
How healthcare organisations can get more value from cloud
How healthcare organisations can get more value from cloud

Events

  • iTnews State of Security Breakfast iTnews State of Security Breakfast
  • iTnews State of Data & AI Breakfast iTnews State of Data & AI Breakfast
  • Forrester's AI Forum Sydney Forrester's AI Forum Sydney
  • The 2026 iAwards The 2026 iAwards
  • Integrate 2026 Integrate 2026
Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Anthropic opens Claude Mythos Preview AI program to Australia

Anthropic opens Claude Mythos Preview AI program to Australia
Defence says Palantir is "sandboxed" in its environment

Defence says Palantir is "sandboxed" in its environment
Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
Researchers build self-replicating AI worm with BYO LLM

Researchers build self-replicating AI worm with BYO LLM
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.