Advertisement
Promo

Security threats Toolkit

PDF reader flaw fixed

Joris Evers CNET News

Published: 13 Jul 2006 09:45 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Adobe Systems joined Microsoft on "Patch Tuesday" and delivered fixes for two security flaws in the ubiquitous Adobe PDF reader software.

The vulnerabilities affect Adobe's Acrobat and Reader software for both the Windows operating system and Apple's Mac OS, Adobe said in two separate security advisories. If left unpatched, the flaws could put Windows and Mac users at risk of a cyberattack.

Adobe's fixes came on the same day that Microsoft issued seven security bulletins with updates to repair 18 vulnerabilities in Windows and Office, including what security experts deem a dangerous Windows worm hole.

The most serious of the two Adobe flaws is a "buffer overflow" vulnerability that affects Adobe Acrobat 6.0.4 and earlier for both Windows and Mac OS, Adobe said. The company categorises this as a "critical" update and recommends computer users update to version 6.0.5.

An attacker could exploit the vulnerability by crafting a malicious PDF (Portable Document Format) file. Opening that file could cause a complete compromise of the vulnerable PC or cause Acrobat to crash.

Buffer overflows are a commonly exploited security problem. They occur when a program allows data to be written beyond the allocated end of a buffer in memory. A computer can be made to execute potentially malicious code by feeding in extra data that is designed to flood the buffer.

The second flaw Adobe has fixed affects version 6.0.4 and earlier of Adobe Reader and Adobe Acrobat, but only on Mac OS. File and folder permissions for the applications could permit non-privileged users to change key program files on the Apple operating system, Adobe said in its security alert.

"This condition presents a risk for shared, multiuser systems," Adobe said. "On such systems, a hostile unprivileged user could take advantage of this condition to replace these program files with malicious or harmful code that could read, write or destroy sensitive data if subsequently run by a privileged user."

Adobe recommends that people use the automatic update facility in its applications to install version 6.0.5 or download and install the update from the Adobe Web site.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
96 out of 168 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

1 comment

  1. Huh? Reader is already at version 7.07 on the Mac... Anonymous

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:






Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters