What is it with Adobe Reader and vulnerabilities? It feels like new security vulnerabilities are found in the software at an accelerated pace this year. Adobe yesterday released a security advisory for Adobe Reader and Acrobat, to announce to the world that critical security vulnerabilities have been found – once again – in Adobe Reader and Adobe Acrobat.
Adobe expects to make the updates “available during the week of August 16, 2010″, which does mean that millions of computer systems running either Adobe Reader or Adobe Acrobat are left vulnerable for the time being.
Adobe is planning to release updates for Adobe Reader 9.3.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 for Windows and Macintosh, and Adobe Reader 8.2.3 and Acrobat 8.2.3 for Windows and Macintosh to resolve critical security issues, including CVE-2010-2862 which was discussed at the Black Hat USA 2010 security conference on Wednesday, July 28, 2010. Adobe expects to make these updates available during the week of August 16, 2010
The security advisory does not reveal information about the vulnerabilities, only that one was discussed at last month’s Black Hat USA 2010 security conference, that all platforms are affected, and that Adobe Reader 9.3.3 and earlier, and Adobe Acrobat 9.3.3 and earlier are affected.
The advisory over at Secunia reveals additional details about the vulnerability discussed at the Black Hat conference. The Adobe Reader / Acrobat Font Parsing Integer Overflow Vulnerability has been rated as highly critical, the second highest possible rating.
The vulnerability is caused due to an integer overflow error in CoolType.dll when parsing the “maxCompositePoints” field value in the “maxp” (Maximum Profile) table of a TrueType font. This can be exploited to corrupt memory via a PDF file containing a specially crafted TrueType font.
Successful exploits may allow remote code execution on the targeted system.
Users with Adobe Reader or Adobe Acrobat installed may want to consider switching to another pdf reader for the time being, to protect their computer system from those vulnerabilities. Alternatives are listed on our pdf reader comparison page.
Related Articles:
Adobe Reader, Acrobat and Flash Player Zero Day VulnerabilityAdobe Reader and Acrobat Critical Security Update
Adobe Reader 9.3.2 Security Update Released
Adobe Still Offering Insecure Adobe Reader Version
Here We Go Again: Yet Another Flash 0-day Vulnerability Emerges
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook, Twitter or Google+ using the icons below.
If it doesn’t have security holes, than it’s not Adobe.