Feeds

Adobe patches Acrobat, Reader flaws

Read all about it

  • alert
  • submit to reddit

Remote control for virtualized desktops

Adobe has released updates for Acrobat and Reader to fix security bugs that might allow attackers to gain access to unpatched systems. A trio of vulnerabilities pose a risk to users of version 6.0.0 to 6.0.2 of Abode’s products.

First up, there's a vulnerability in the handling of Flash files embedded in PDF documents that can be exploited to read files on user's systems. Adobe has also acknowledged multiple flaws in a software library called 'libpng'. Lastly a format string error in an eBook plug-in creates a risk when parsing ".etd" files that could be exploited to execute arbitrary code.

Security firm Secunia describes the flaws as "highly critical". Adobe said that an exploit for the flaws is yet to be released. But that's no reason for complacency. Users are advised to upgrade to the 6.0.3 version of Reader or Acrobat to defend against the flaws. ®

Related stories

Cracker spills the beans on PDF flaw
Adobe anti-counterfeiting code trips up kosher users
Adobe beta tests Acrobat Reader 7.0

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Microsoft adds video offering to Office 365. Oh NOES, you'll need Adobe Flash
Lovely presentations... but not on your Flash-hating mobe
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
HTML5 vs native: Harry Coder and the mudblood mobile app princes
Developers just want their ideas to generate money
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.