Adobe Releases Emergency Reader Patch

The update covers critical flaws in Adobe Reader and Acrobat revealed at the Black Hat security conference last month

Adobe Systems announced that on 19 August it will patch a flaw in Reader revealed at the Black Hat security conference in an emergency update.

The update will cover critical bugs affecting Adobe Reader and Acrobat, including one revealed by Charles Miller, principal security analyst with consulting firm Independent Security Evaluators, at the conference last month. The bug is due to an integer overflow, and can be used by attackers to compromise a system.

“Adobe is planning to release updates for Adobe Reader 9.3.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 for Windows and Macintosh, and Adobe Reader 8.2.3 and Acrobat 8.2.3 for Windows and Macintosh to resolve critical security issues… and the Adobe Flash Player update as noted in Security Bulletin APSB10-16. Adobe expects to make these updates available on Thursday 19 August, 2010.”

Malicious PDFs

According to Secunia, attackers armed with a malicious PDF file containing specially crafted TrueType font can exploit the vulnerability Miller uncovered, and users are advised not to open untrusted PDF files with the software.

After 19 August’s out-of-band release, Adobe is currently scheduled to release the next quarterly security updates for Adobe Reader and Acrobat on 12 October.