Adobe PDF Reader patched due to critical flaws

In the last couple of months, Adobe has been hit by clipboard and SQL injection attacks. Now PDF file and JavaScript vulnerabilities force a new patch to be released.

Adobe has issued a security update to fix critical vulnerabilities in its PDF-focused Adobe Reader and Acrobat applications.

Adobe Reader version 9, released in June of this year, is not affected.

The vulnerabilities were identified in Adobe Reader and Acrobat 8.1.2 as well as earlier versions and caused the application to crash as well as potentially allowing an attacker to take control of the affected system.

Security vendor Core Security said that Adobe Reader was able to be exploited through the use of a specially-crafted PDF file which carries malicious JavaScript content.

For the vulnerability to successfully work, a user would need to open the maliciously-crafted PDF file. Attackers would then be free to execute arbitrary code.

Once Core Security made the discovery, it alerted Adobe and the two companies joined forces to create a patch to solve the problem and protect vulnerable users.

Core Security's chief technology officer (CTO) Ivan Arce said that the complexity of Adobe Reader created a broad surface for potential vulnerabilities and that Adobe's inclusion of a JavaScript engine could have introduced implementation bugs.

He said: "The bug was discovered while investigating a previously disclosed and similar problem in another PDF application, highlighting the manner in which common implementation mistakes are frequently shared among multiple vendors."

It's not the first time Adobe has had security problems in the recent months. In August, Adobe investigated Flash banner ads hijacking users' clipboards, while in October Adobe's website suffered a SQL injection attack.

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now

Recommended

Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
IBM teams with Adobe and Red Hat to drive personalized customer experiences
Cloud

IBM teams with Adobe and Red Hat to drive personalized customer experiences

20 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Australia announces $1.35 billion investment in cyber security
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do I fix the Windows 10 Start Menu if it's frozen?
operating systems

How do I fix the Windows 10 Start Menu if it's frozen?

3 Aug 2020