Adobe Acrobat and Reader open to attack

Adobe Systems has reported two serious security flaws in its widely used Adobe PDF (portable document format) Reader and Acrobat software.

The vulnerabilities, in both Adobe's paid-for Acrobat PDF management software and the free Reader software, affect both Windows and Apple Mac operating systems.

Both flaws allow attackers to potentially take over users’ systems, injecting their own code and/or stealing user data.

The most serious flaw is a buffer overflow vulnerability which affects Adobe Acrobat 6.0.4 and earlier versions, for both Windows and Mac OS machines.

Adobe has deemed the vulnerability "critical" and recommends that users update to version 6.0.5 of the software to rectify the problem.

An attacker could exploit the vulnerability by sending the user a specially crafted malicious PDF file. Opening this file can compromise the PC or cause Acrobat to crash.

The second flaw affects version 6.0.4 and earlier of Adobe Reader and Adobe Acrobat, but only on Mac OS machines.

File and folder permissions for the applications can permit non-privileged users to change key program files on the Apple operating system, a particular threat for shared or multi-user systems.

To avoid this threat, users should again upgrade to 6.0.5, said Adobe.
