Adobe plans emergency Reader patch

August 6, 2010 | 10:23

Tags: #acrobat #adobe-acrobat #adobe-reader #patch #pdf #pdf-vulnerability #reader #security #vulnerability

Companies: #adobe

Adobe has found itself in the security limelight again - and not in a good way - following the discovery of another major security vulnerability in the company's Reader and Acrobat software packages.

As reported over on InfoWorld, the flaw was announced by security supremo Charlie Miller at this year's Black Hat security conference and holds the - as yet, unproven - potential to allow remote code execution.

The flaw resides in the way that Adobe Reader and Acrobat handle the rendering of TrueType fonts: by embedding a maliciously-crafted font into a PDF, sections of memory can be overwritten - at best crashing the machine and at worst allowing an attacker to execute malicious code.

As there is the potential for remote code execution, Adobe is taking the flaw seriously: so much so, in fact, that the company is planning an emergency, out-of-cycle patch release specifically to address the flaw.

Due for release in the week starting the 16th of August, the emergency patch will fix both the font rendering vulnerability publicised by Miller and a raft of other security flaws which Adobe is not making public until closer to the time of release.

Although a fix is coming, it's another embarrassment for a company which has had more than its fair share of security scares over the last few years - although it makes a change for the flaw not to be the result of the JavaScript implementation in Adobe Reader.

Are you surprised to find that Adobe's PDF-related software is still full of holes, or does each patch release give you hope that maybe, just maybe, they've fixed it this time? Share your thoughts over in the forums.

Posted by J05H11E - Fri Aug 06 2010 09:35

another font-related flaw :hehe:

Posted by Aracos - Fri Aug 06 2010 11:08

Does anyone actually use this anymore?

Posted by Jim - Fri Aug 06 2010 12:15

I thought for a minute that they'd finally realised it runs like a dog

Posted by sear - Fri Aug 06 2010 12:24

Or you can just use Foxit Reader or Sumatra PDF and save yourself all this trouble...