[X4U] Adobe issues alert over Acrobat bug

Brett Conlon brett_conlon at sonymusic.com.au
Thu Aug 18 18:15:02 PDT 2005 

This one DOES affect us Mac users!  8-}

Adobe issues alert over Acrobat bug
Matthew Broersma, Techworld.com
18/08/2005 07:15:48
Acrobat and Acrobat Reader, two of the most widely used desktop 
applications, contain serious security flaws that could be used to take 
over a system, according to Adobe. 
The company has urged users to update the software immediately. 
Adobe Reader is Adobe's tool for reading PDF files, while Acrobat can also 
create PDF files and has other more advanced features. Affected are Reader 
and Acrobat versions 5.1, 6.0 to 6.0.3, and 7.0 to 7.0.2. Users can update 
to versions 5.2, 6.0.4 or 7.0.3 via the software's built-in automatic 
update or via a manual download from Adobe's site. 
The bug is found in a core application plug-in found in both Acrobat and 
Reader, according to Adobe, and could be exploited by tricking the user 
into opening a malicious PDF file. Because PDFs can be embedded into Web 
pages, such an attack wouldn't necessarily require any user intervention. 
"If a malicious file were opened it could trigger a buffer overflow as the 
file is being loaded into Adobe Acrobat and Adobe Reader," Adobe said in 
its advisory. "A buffer overflow can cause the application to crash and 
increase the risk of malicious code execution." 
US-CERT, the US Computer Emergency Readiness Team, issued its own advisory 
on the flaw. FrSIRT, the French Security Incident Response Team, and 
independent security firm, Secunia, both assigned the bug highly critical 
ratings. 
Network administrators may not have much leisure to patch - hackers have 
recently been taking less time to come up with worms that exploit known 
vulnerabilities in widely used software. A bug in Microsoft Windows Plug n 
Play, patched last Tuesday, quickly morphed into exploit code, and then 
into worms such as Zentob, which on Tuesday successfully disrupted systems 
at CNN, The New York Times, ABC and other large organisations in the US, 
Germany and Asia. 
The bug went from disclosure to widespread worm attacks within a week, one 
of the fastest-developing security threats so far, security experts said.
*******************

The Adobe link to this issue is at:

http://www.adobe.com/support/techdocs/321644.html

Cheers,

Coj
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://listserver.themacintoshguy.com/pipermail/x4u/attachments/20050819/173883a3/attachment.html

More information about the X4U mailing list