Adobe Acrobat and Reader open to attack


Adobe Acrobat and Reader open to attack

Antony Savvas

Adobe Systems has reported two serious security flaws in its widely used Adobe PDF (portable document format) Reader and Acrobat software.

The vulnerabilities, in both Adobe's paid-for Acrobat PDF management software and the free Reader software, affect both Windows and Apple Mac operating systems.

Both flaws allow attackers to potentially take over users’ systems, injecting their own code and/or stealing user data.

The most serious flaw is a buffer overflow vulnerability which affects Adobe Acrobat 6.0.4 and earlier versions, for both Windows and Mac OS machines.

The vulnerability has been deemed "critical" by Adobe and it recommends that users should update to version 6.0.5 of the software to rectify the problem.

An attacker could exploit the vulnerability by sending the user a specially crafted malicious PDF file. Opening this file can compromise the PC or cause Acrobat to crash.

The second flaw affects version 6.0.4 and earlier of Adobe Reader and Adobe Acrobat, but only on Mac OS machines.

File and folder permissions for the applications can permit non-privileged users to change key program files on the Apple operating system, a particular threat for shared or multi-user systems.

To avoid this threat, users should again upgrade to 6.0.5, said Adobe.


Vote for your IT greats

Who have been the most influential people in IT in the past 40 years? The greatest organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?

Vote now at:

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy