Feeds

Unpatched PDF flaw harnessed to launch targeted attacks

Adobe software pwned by crackers, again

Beginner's guide to SSL certificates

Adobe is investigating reports of unpatched flaws in its Reader and Acrobat software packages.

Zero-day bugs in Adobe Reader and Acrobat have reportedly been exploited by hackers to attack vulnerable systems, in a series of limited (presumably) targeted attacks since 11 December. Adobe Reader and Acrobat 9.2 or below are potentially vulnerable to attacks. Successful exploitation creates a means for hackers to inject hostile code onto vulnerable systems, security notification firm Secunia warns.

Adobe has posted a holding statement on its security blog, saying that it is investigating the flaw. It's unclear when a patch might become available.

Shadowserver suggests disabling JavaScript as a workaround, pending the availability of a patch from Adobe.

The latest security problem for Adobe follows the release of a patch for Flash and AIR addressing a previously unpatched vulnerability, released last week. Adobe is planning to publish a patch for a zero-day flaw in Illustrator on 8 January.

The popularity of Adobe software has made it a favoured target for hacking attacks over recent months. Booby-trapped PDF files have become as commonplace as browser exploits in hacking attacks. Part of the problem for this may be that applying Adobe updates is fiddlier and more time consuming than applying Microsoft fixes or patching browser exploits. Vulnerable ActiveX components can easily get left behind during updates, for example. ®

Security for virtualized datacentres

More from The Register

next story
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
Not appy with your Chromebook? Well now it can run Android apps
Google offers beta of tricky OS-inside-OS tech
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
NHS grows a NoSQL backbone and rips out its Oracle Spine
Open source? In the government? Ha ha! What, wait ...?
Google extends app refund window to two hours
You now have 120 minutes to finish that game instead of 15
Intel: Hey, enterprises, drop everything and DO HADOOP
Big Data analytics projected to run on more servers than any other app
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.