Adobe fills 17 Reader and Acrobat holes

By Phil Muncaster on Jul 1, 2010 8:40AM
Adobe fills 17 Reader and Acrobat holes

Adobe has released updates for its popular Reader and Acrobat software that fix 17 separate vulnerabilities including one that could enable hackers to take control of a user’s PC.

Adobe Reader and Acrobat 9.3.3 and 8.2.3 is an accelerated quarterly release originally slated for 13 July, fixing a number of issues that the firm has already disclosed. The next quarterly update is scheduled for 12 October.

One of the flaws, already being exploited in the wild, relates to the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and Unix and could cause a crash and potentially allow an attacker to take control of the affected system.

Another fix mitigates a social engineering attack that could lead to code execution, according to Adobe. This flaw was first disclosed in March and takes advantage of PDF "/launch" functionality.

“Today's update includes changes to resolve the misuse of this command,” wrote Adobe product manager Steve Gottwals in a blog post.

“We added functionality to block any attempts to launch an executable or other harmful objects by default. We also altered the way the existing warning dialog works to thwart the known social engineering attacks.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
acrobat adobe reader software

Partner Content

Shortfalls in cyber expertise deepen the cost and complexity of security incidents
Shortfalls in cyber expertise deepen the cost and complexity of security incidents
Fabric workshops help partners tap into data services demand growth.
Fabric workshops help partners tap into data services demand growth.
Think Technology Australia deliver massive ROI to a Toyota dealership through SharePoint-powered, automated document management
Think Technology Australia deliver massive ROI to a Toyota dealership through SharePoint-powered, automated document management
Why Most MSPs Are Invisible (And What the Smart Ones Are Doing Instead)
Why Most MSPs Are Invisible (And What the Smart Ones Are Doing Instead)
Have ticket queues become your quiet business risk?
Have ticket queues become your quiet business risk?

Sponsored Whitepapers

Protect the data your business relies on
Protect the data your business relies on
Cut through the SASE confusion
Cut through the SASE confusion
Stay protected as cyber threats evolve
Stay protected as cyber threats evolve
Defend Your Network from the Next Generation of AI Threats
Defend Your Network from the Next Generation of AI Threats
The race to AI advantage is on. Don’t let slow consulting projects hold you back.
The race to AI advantage is on. Don’t let slow consulting projects hold you back.

Events

techpartner.news MSP index - Melbourne
techpartner.news MSP index - Melbourne
Pipeline 2026: Game Changers
Pipeline 2026: Game Changers

Most read articles

SentinelOne signs distribution agreement with Sektor

SentinelOne signs distribution agreement with Sektor
HamiltonJet partners with digital services provider Fortude

HamiltonJet partners with digital services provider Fortude
Why Kat McCrabb started with the hard stuff

Why Kat McCrabb started with the hard stuff
Rapid7’s new SIEM combines exposure management with threat detection

Rapid7’s new SIEM combines exposure management with threat detection

Log in

Email:
Password:
  |  Forgot your password?