Adobe to patch zero-day Reader, Acrobat flaw January 12

Adobe will reportedly patch a critical vulnerability (CVE-2009-4324) in Reader and Acrobat on January 12, the date of the company's next scheduled quarterly security update, rather than in an off-cycle release. The zero-day bug is currently being exploited in Reader and Acrobat versions 9.2 and earlier. A successful exploit could let an attacker crash the system and ultimately take control of it.

Thankfully, both the rate of infection and risk assessment level are very low, according to Symantec. Although an official fix is still several weeks away, users can utilize a JavaScript Blacklist mitigation feature introduced to Reader and Acrobat versions 9.2 and 8.1.7 in October, which disables access to individual JavaScript APIs.

Webroot analyzed the malware and discovered that it installs three files that resemble Windows system files and are digitally signed with a forged Microsoft certificate. However, unlike legitimate Microsoft-signed certificates, the malware's certificates lack an email address and timestamp.
