Yet another Adobe Reader vulnerability discovered

By

A new vulnerability in Adobe Reader was reported today, joining a handful of other recently-discovered flaws affecting the popular software used to read PDF files.


The latest bug is caused by an unknown error in processing PDF files, according to vulnerability tracking firm Secunia. The "highly critical" flaw can be exploited by attackers to execute arbitrary code.

The vulnerability joins at least six others that have surfaced in recent days.

Most severe among them are five holes in browser plug-ins that could allow attackers to manipulate a website for cross-site scripting attacks.

A sixth flaw related to PDF document catalogue handling was reported Saturday as part of the Month of Apple Bugs project.

As a fix, users are urged to upgrade to versions 7.0.9 or 8.0, which was released in early December but does not contain any of the reported vulnerabilities, according to an Adobe bulletin.

Experts said PDFs have long been considered a safe way to send and retrieve documents, but that mindset may be changing.

"In using PDFs, some wish to sidestep the risks of malware-prone Microsoft Office documents," researcher Karthik Raman of McAfee Avert Labs said in a company blog post Tuesday. "But…we should all now be more careful with PDFs."

A spokesman for the USbased Adobe Systems told SCMagazine.com today that the company was not aware of any active exploits affecting customers.

Click here to email reporter Dan Kaplan.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
adobeanotherdiscoveredreadersecurityvulnerabilityyet

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?