TechTarget

Adobe warns of new zero-day vulnerability

Adobe has warned that hackers are exploiting a new zero-day vulnerability in its Reader and Acrobat products to compromise computers.

Adobe has warned that hackers are exploiting a new zero-day vulnerability in its Reader and Acrobat products to...

compromise computers.

The company has published a Security Advisory about the flaw, rated as critical and identified as CVE-2010-2883.

"A critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh," according to the advisory.

The vulnerability could cause a crash and potentially allow an attacker to take control of the affected system.

"Adobe is in the process of evaluating the schedule for an update to resolve this vulnerability," the company said.

Adobe is sharing information about the vulnerability with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available, which may be released before the next scheduled security update on 12 October.

In July 2009, Adobe introduced a 90-day security update cycle for its Reader and Acrobat products, but has since been forced to release four out-of-band patches for zero-day flaws.

Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up to date.

The software firm thanked security researcher Mila Parkour, who maintains the Contagio malware dump blog, for reporting the attack and working with its security team on the issue.

Adobe said it will post information updates on the Adobe Product Security Incident Response Team blog.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close