Adobe has released updates for Acrobat and Reader to fix security bugs that might allow attackers to gain access to unpatched systems. A trio [1] of vulnerabilities pose a risk to users of version 6.0.0 to 6.0.2 of Abode’s products.

First up, there's a vulnerability in the handling of Flash files embedded in PDF documents that can be exploited to read files on user's systems. Adobe has also acknowledged multiple flaws [2] in a software library called 'libpng'. Lastly a format string error in an eBook plug-in creates a risk when parsing ".etd" files that could be exploited to execute arbitrary code.

Security firm Secunia describes the flaws as "highly critical". Adobe said that an exploit for the flaws is yet to be released. But that's no reason for complacency. Users are advised to upgrade [3] to the 6.0.3 version of Reader or Acrobat to defend against the flaws. ®

Related stories

Cracker spills the beans on PDF flaw [4]
Adobe anti-counterfeiting code trips up kosher users [5]
Adobe beta tests Acrobat Reader 7.0 [6]

Links

1. http://secunia.com/advisories/13471/
2. http://secunia.com/advisories/12219
3. http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679
4. http://www.theregister.co.uk/2003/06/18/cracker_spills_the_beans/
5. http://www.theregister.co.uk/2004/01/15/adobe_anticounterfeiting_code_trips_up/
6. http://www.theregister.co.uk/2004/09/21/adobe_acrobat_reader7/