
Yet another Adobe Reader vulnerability discovered

A new vulnerability in Adobe Reader was reported today, joining a handful of other recently discovered flaws affecting the popular software used to read PDF files.

The latest bug is caused by an unknown error in processing PDF files, according to vulnerability tracking firm Secunia. The "highly critical" flaw can be exploited by attackers to execute arbitrary code.

The vulnerability joins at least six others that have surfaced in recent days. Most severe among them are five holes in browser plug-ins that could allow attackers to manipulate a website for cross-site scripting attacks.

A sixth flaw related to PDF document catalog handling was reported Saturday as part of the Month of Apple Bugs project.

As a fix, users are urged to upgrade to version 7.0.9 or to 8.0, which was released in early December and does not contain any of the reported vulnerabilities, according to an Adobe bulletin.

Experts said PDFs have long been considered a safe way to send and retrieve documents, but that mindset may be changing.

"In using PDFs, some wish to sidestep the risks of malware-prone Microsoft Office documents," researcher Karthik Raman of McAfee Avert Labs said in a company blog post Tuesday. "But…we should all now be more careful with PDFs."

A spokesman for the San Jose, Calif.-based Adobe Systems told SCMagazine.com today that the company was not aware of any active exploits affecting customers.

Click here to email reporter Dan Kaplan.
