All the latest UK technology news, reviews and analysis
|
|
|
10 Oct 2009
Adobe has issued a security alert about a zero-day flaw in its PDF and Reader formats which is already being exploited by malware writers.
The company said in a blog post that it will release a patch for the flaw on 13 October. In the meantime users are advised to disable JavaScript, although Adobe warned that this may not be a complete solution.
"Adobe plans to resolve this issue as part of the upcoming Adobe Reader and Acrobat quarterly security update scheduled for release on October 13," the firm said.
"Adobe Reader and Acrobat 9.1.3 customers with DEP enabled on Windows Vista will be protected from this exploit. Disabling JavaScript also mitigates against this specific exploit, although a variant that does not rely on JavaScript could be possible.
"In the meantime, Adobe is also in contact with anti-virus and security vendors regarding the issue, and recommends users keep their anti-virus definitions up to date."
The detected malware attack uses a Trojan called 'Troj_Pidief.Uo' which is transmitted via a PDF file infected with a JavaScript agent known as 'Js_Agent.Dt'. The malware installs a backdoor entry system using 'Bkdr_Protux.Bd' to give complete control of the infected computer.
The attacks were confirmed by the Taiwanese National Information and Communication Security Taskforce, an organisation of academics, security researchers, chief security officers and government officials.
Adobe is becoming increasingly concerned at the number of attacks on its formats. Adobe chief technical officer Kevin Lynch said at this week's Adobe Max 2009 conference that the problem is being addressed.
"We have seen an increase in attacks on Reader and Flash. We have an excellent security team working on the issue, and also have a response team to start work immediately on problems as they come in," he said.
"We are looking to decrease the time from bug to fix. It was months, but we now take two weeks for critical fixes."
Latest stories from Software
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
EU data protection overhaul contains "bureaucratic tick box-proposals", says information commissioner Christopher Graham in exclusive interview with V3
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
eCommerce Business Analyst - (North London) Permanent...
UI Developer (North London) Permanent £55,000 - £60...
MS Office 2010 Trainer - Cambridge My Cambridge based...
Dynamics CRM consultants (experience of javascript and...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Just use Foxit Reader!!!!
Well if Adobe Acrobat Reader is having flaws then is time you move to a freeware called Foxit Reader which is free to use and whose memory footprint if by far smaller than Acrobar Reader that is becoming bigger and bigger and heavier and memory eater with every new version. Just give a try to Foxit!
Posted by: emmerc 12 Oct 2009