Adobe patches Acrobat, Reader flaws
Read all about it
Adobe has released updates for Acrobat and Reader to fix security bugs that might allow attackers to gain access to unpatched systems. A trio of vulnerabilities pose a risk to users of version 6.0.0 to 6.0.2 of Abode’s products.
First up, there's a vulnerability in the handling of Flash files embedded in PDF documents that can be exploited to read files on user's systems. Adobe has also acknowledged multiple flaws in a software library called 'libpng'. Lastly a format string error in an eBook plug-in creates a risk when parsing ".etd" files that could be exploited to execute arbitrary code.
Security firm Secunia describes the flaws as "highly critical". Adobe said that an exploit for the flaws is yet to be released. But that's no reason for complacency. Users are advised to upgrade to the 6.0.3 version of Reader or Acrobat to defend against the flaws. ®