Adobe's Reader and Acrobat packages are once again under attack, with an emergency patch planned.
Adobe has found itself in the security limelight again - and not in a good way - following the discovery of another major security vulnerability in the company's Reader and Acrobat software packages.
As reported over on InforWorld
, the flaw was announced by security supremo Charlie Miller at this year's Black Hat security conference and holds the - as yet, unproven - potential to allow remote code execution.
The flaw resides in the way that Adobe Reader and Acrobat handle the rendering of TrueType fonts: by embedding a maliciously-crafted font into a PDF, sections of memory can be overwritten - at best crashing the machine and at worst allowing an attacker to execute malicious code.
As there is the potential for remote code execution, Adobe is taking the flaw seriously: so much so, in fact, that the company is planning an emergency, out-of-cycle patch release specifically to address the flaw.
Due for release in the week starting the 16th of August, the emergency patch will fix both the font rendering vulnerability publicised by Miller and a raft of other security flaws which Adobe is not making public until closer to the time of release.
Although a fix is coming, it's another embarrassment for a company which has had more than its fair share of security scares
in Adobe Reader.
Are you surprised to find that Adobe's PDF-related software is still
full of holes, or does each patch release give you hope that maybe, just maybe, they've fixed it this
time? Share your thoughts over in the forums