Adobe issues critical fix

Holes patched in Reader and Acrobat

Written by Shaun Nichols in California

vnunet.com, 25 Jun 2008

Adobe has issued fixes for a critical vulnerability being exploited by malware writers.

The flaw affects the firm's Acrobat and Adobe Reader applications on Mac OS and Windows.

Adobe recommends that users of both platforms install the security update immediately.

The vulnerability could allow an attacker to gain control of the user's system by way of malformed JavaScript code.

When exploited, the vulnerability leads to an application crash which leaves the user liable to remote control of the system and code execution from the attacker.

Such remote code execution flaws are a favourite method for covertly installing malware and are often regarded as the highest risks among software vulnerabilities.

This is likely to appear in a malware spreading website near you soon

Jason Lam Sans

Adobe has classified the flaw as 'critical', the highest of its four security alert levels. The company noted that there is a heightened risk as the flaw is already being used by attackers to spread malware in the wild.

Sans security researcher Jason Lam echoed Adobe's sense of urgency, recommending that users install the update as soon as possible.

"This is likely to appear in a malware spreading website near you soon given the track record of the botnet operators," he wrote.