Adobe PDF vulnerability fix slated for May 12

Share this article:
Adobe said it plans to release an update by May 12 for the recently disclosed Reader and Acrobat vulnerability.

In doing so, Adobe will push out Windows updates for Reader and Acrobat versions 7, 8 and 9 and Macintosh and Unix updates for versions 8 and 9, David Lenoe, Adobe's security program manager, said Friday afternoon in a blog post.

The company also has confirmed a second vulnerability in its Reader for Unix software, which also is slated to be fixed in next week's update, Lenoe said. That bug does not affect Windows or Mac versions, but Adobe is investigating whether it can "reproduce an exploitable scenario."

Proof-of-concept code for both vulnerabilities has been published on the web; however, Adobe is not aware of any live attacks.

As users await the patches, Adobe has suggested they disable JavaScript in Reader and Acrobat, Lenoe said. In addition, the company has contacted leading anti-virus providers so they can build in protection to their products.

This is the second major zero-day PDF flaw to strike the popular viewer this year.


Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.