The Inquirer-Home

Adobe will issue Reader and Acrobat patches this week

Following Fireeye's findings last week of PDF files tainted with malicious software
Mon Feb 18 2013, 09:38
Adobe Systems logo

SOFTWARE DEVELOPER Adobe has announced that it will release emergency patches for two vulnerabilities that were found in its Reader and Acrobat software last week.

The company said last Wednesday that it was investigating a report by security firm Fireeye, which had received "PDF files tainted with malicious software" that could take advantage of a newly discovered flaw.

"Adobe plans to make available updates for Adobe Reader and Acrobat XI for Windows and Macintosh, X for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux, during the week of February 18, 2013," the company said on Saturday in its security incident response team's blog.

The company also said it has updated an associated security advisory to include the planned schedule for a patch to resolve bulletins CVE-2013-0640 and CVE-2013-0641 in Reader for Windows, OS X and Linux.

The vulnerabilities were first discovered last Wednesday by Fireeye, which said in a blog post that it had identified a PDF zero day flaw that was being exploited in the wild.

"We observed successful exploitation on the latest Adobe PDF Reader 9.5.3, 10.1.5, and 11.0.1," Fireeye said in its blog.

Upon successful exploitation, the malicious code will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.

However, further information regarding the flaws is not available, as both Fireeye and Adobe have agreed to not release any technical details of the zero day exploit to the public until the issue has been resolved. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Apple announces the iPhone 6, iPhone 6 Plus and Apple Watch

Which of Apple's new products will you be buying?