also @ TechSpot: Congress pressures Google on Glass privacy concerns

Adobe to patch zero-day Reader, Acrobat flaw January 12

By

On December 17, 2009, 8:20 AM

Adobe will reportedly patch a critical vulnerability (CVE-2009-4324) in Reader and Acrobat on January 12, the company's next scheduled quarterly security update, as opposed to an off-cycle release. The zero-day bug is currently being exploited on Reader and Acrobat versions 9.2 and earlier. If used, an attacker could crash the system and ultimately take control of it.

Thankfully, both the rate of infection and risk assessment level are very low, according to Symantec. Although an official fix is still several weeks away, users can utilize a JavaScript Blacklist mitigation feature introduced to Reader and Acrobat versions 9.2 and 8.1.7 in October, which disables access to individual JavaScript APIs.

Webroot analyzed the malware and discovered that it installs three files which resemble Windows system files, and are digitally signed with a forged Microsoft certificate. However, unlike legitimate Microsoft-signed certificates, the malware's lack an email address and timestamp.

No tags on this story

3 comments

User Comments: 3

Got something to say? Post a comment
  1. December 17, 2009 1:45 PM
    Vicenarian said:

    That's why I don't use adobe reader....There are so many third party, free, alternatives out there.

    Reply
  2. December 17, 2009 2:12 PM
    LightHeart said:

    As OS's have become more secure, hackers have moved to the weakest link which appears to be Adobe. Adobe is on almost every computer, Reader, Flash, etc. so there is a big target on it. Adobe seems to have bloated software and is slow to react to these threats; hopefully they will improve things.

    Reply
  3. December 17, 2009 5:02 PM
    Timonius
    Timonius said:

    Yep, this is a test for Adobe...as they practically have a monopoly in the market for Flash, PDF, etc. If companies get big and lazy they get targeted even more. Too bad the security fix won't be released sooner despite the lack of severity. It just doesn't show to me that they really care.

    Reply

Recently commented stories

Post a new comment

Social Login & Guest Posting TechSpot Members
Login here or sign up for free,
it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.
TechSpot on:

Most Popular

Trending Featured
More Trending Topics

Featured on Cases

Downloads and Drivers

Downloads   Drivers  

J. River Media Center 18.0.187

ComicRack 0.9.169

Ashampoo UnInstaller 5.03

Files Terminator Free 2.5.0.11

Advanced Host Monitor 9.50

More Downloads

Latest Discussion

Printer won't power on, tried everything. Any ideas? 18 replies on Other Hardware

Which is the best smartphone to buy? 8 replies on Mobile Computing

Steam trading zone 114 replies on Gaming

Keep getting Windows not valid popup 20 replies on Windows OS

What game first got you hooked on gaming? 171 replies on Gaming

More Recent Discussion

Subscribe to TechSpot

Get free exclusive content, learn about new features and breaking tech news.