Adobe has released security updates for its popular Reader and Acrobat products for Windows users.
The fixes addressed a critical vulnerability (CVE-2013-5325) resolving a regression that permitted the launch of javascript scheme uniform resource identifiers (URIs) while users viewed a PDF in their web browser, Adobe said.
With the updates, a critical flaw (CVE-2013-5327) in Adobe publishing tool RoboHelp 10 for Windows users was also addressed. A memory corruption bug that could allow a saboteur to execute malicious code was fixed with the patch.
Sophos chief technology officer Paul Ducklin said it was doubtful that illegal software modifications made by hackers who recently stole Adobe source code would be noticed.
“My own opinion is that this is highly unlikely, not least because modern software engineering tools make it comparatively easy to track the changes to the source code files in a product between builds,” Ducklin wrote.
"Also, remember that this patch deals with fixing a regression – 'repatching' a previous patch – rather than with a shepherding in [of] a huge raft of changes throughout the product.”
