Adobe PDF flaw gets homebrewed patch
By Asavin Wattanajantra,
A researcher for the security firm Sourcefire has published a homemade patch for the flaw which Adobe warned users about last week.
Adobe said at the time that users would have to wait until 11 March for it to release a patch for the flaw, which left users open to malicious PDF files that could be used by attackers to take control of the affected system.
However Lurene Grenier, research engineer at the Sourcefire Vulnerability Research Team, said that the patch (which only worked on Adobe Reader 9) was a replacement DLL that could write over the old version.
She said on the blog: “In the event that you do open a bad PDF file, you should see a pop up with the phrase ‘insufficient data for an image’, and nothing will show up. Reader will go on living happily.”
However she said that the patch was created using only tools she could find at home, and that there was no guarantee that it would work for all attacks.
According to security research organisation Shadowserver, there have already been targeted attacks that are actively exploiting the flaw. However, disabling JavaScript could mitigate the exploit.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
Do British police get cyber security?
Davey Winder listens to telephone conversations between the FBI and the Metropolitan Police, courtesy of Anonymous, and isn't impressed.
- Who to trust after the VeriSign hack?
- Striving to solve the security skills crisis
- Would you employ a hacker or malware writer?
- Q&A: Raj Samani, CTO McAfee
- Erase and rewind: the EU and privacy
- My email address is [CENSORED]
- Is there such a thing as a secure tablet?
- 2011: The year in news
- BYOD: Old or new, good or bad?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- Ubuntu vs. Windows 7 on the business desktop
- York researchers heat storage to speed up data
- BlackBerry Bold 9790 review
- OneNote hits Google?s Android
- O2 trials Olympic-scale remote working
- Will someone rid me of these troublesome Macs?
- Lenovo beats expectations again
- Who to trust after the VeriSign hack?
- Google to promise fairness after Motorola buy
- Report: Google cloud storage coming soon
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
