Home / Acrobat Reader at risk from security flaw

Acrobat Reader at risk from security flaw

Adobe users are being warned of a serious problem affecting Acrobat Reader. The flaw leaves users open to attack via maliciously crafted PDF files, which can be spread via e-mail attachments or web page links, and can be used to take control of a system.

Adobe users are being warned of a serious problem affecting Acrobat Reader. The flaw leaves users open to attack via maliciously crafted PDF files, which can be spread via e-mail attachments or web page links, and can be used to take control of a system.

The vulnerability results from a buffer overflow in the application’s UnixAppOpenFilePerform() — a function Acrobat Reader calls while opening certain documents — which can be remotely exploited, allowing an attacker to execute arbitrary code.

The impact of the vulnerability is somewhat lessened by the fact that two error messages appear before the exploit takes effect, but closing the message windows does not prevent the attack from taking place, iDefense said.

The bug can be found in Acrobat Reader versions 5.0.9 and 5.0.10 for Unix, as well as its Linux counterparts. Acrobat for Windows and Acrobat 7.0 for Unix, however, are not affected.

iDefense recommends caution when opening attachments or following links. It is also advisable to upgrade to an unaffected version, such as Acrobat Reader 7.0.

Follow us to get the most comprehensive technology news in UAE delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.

CHANNEL AWARD 2018