Adobe Systems has reported two serious security flaws in its widely used Adobe PDF (portable document format) Reader and Acrobat software.
The vulnerabilities, in both Adobe's paid-for Acrobat PDF management software and the free Reader software, affect both Windows and Apple Mac operating systems.
Both flaws allow attackers to potentially take over users’ systems, injecting their own code and/or stealing user data.
The most serious flaw is a buffer overflow vulnerability which affects Adobe Acrobat 6.0.4 and earlier versions, for both Windows and Mac OS machines.
Adobe has rated the vulnerability "critical" and recommends that users update to version 6.0.5 of the software to rectify the problem.
An attacker could exploit the vulnerability by sending the user a specially crafted malicious PDF file. Opening this file can compromise the PC or cause Acrobat to crash.
The second flaw affects version 6.0.4 and earlier of Adobe Reader and Adobe Acrobat, but only on Mac OS machines.
File and folder permissions for the applications can permit non-privileged users to change key program files on the Apple operating system, a particular threat for shared or multi-user systems.
To avoid this threat, users should again upgrade to 6.0.5, said Adobe.
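The second flaw comes down to program files and folders that accounts other than the owner are allowed to modify. The shell functions below are an added example, not Adobe's tooling or part of the original report; they list such entries under an application's install directory. The function names and whatever path is passed in are assumptions.

```sh
#!/bin/sh
# Added example: audit an application install tree for files or directories
# that accounts other than the owner can modify. Function names are
# illustrative; the directory to audit is supplied by the caller.

# list_nonowner_writable DIR
# Prints every regular file or directory under DIR whose mode grants write
# access to the group or to everyone. Symlinks are skipped because their own
# mode bits are not what the system enforces.
# Group write matters when the owning group contains ordinary users.
list_nonowner_writable() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# audit_app DIR
# Returns 0 when nothing under DIR is writable by non-owners, 1 when there
# are findings (each printed with owner, group and mode), 2 on error.
audit_app() {
    findings=$(list_nonowner_writable "$1") || return 2
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings" | while IFS= read -r path; do
            ls -ld "$path"
        done
        return 1
    fi
    return 0
}
```

Call `audit_app` with the application's install path on a shared machine; any line it prints is a file or folder that an account other than the owner can change.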