All the latest UK technology news, reviews and analysis


Adobe toiling on patch for zero-day flaw in Reader and Acrobat

20 Feb 2013
Adobe headquarters in San Jose

Adobe has confirmed that it is working to patch the zero-day exploit found in its Reader and Acrobat software.

Earlier, security researches had warned of an exploit in the programs which could lead to hackers taking control of affected systems. Adobe reported that a fix for the issue should come sometime during the week of 18 February.

Adobe says that it is working on a patch for the programs on Windows, Mac, and Linux platforms, correcting flaws in Acrobat and Reader software versions nine to 9.5.3.

Until the issue is corrected Adobe recommended that administrators enable Protect View within the program's registry. Protect View is a feature that prevents documents from performing any actions that could put users at risk.

"Enterprise administrators can protect Windows users across their organisation by enabling Protected View in the registry and propagating that setting via GPO or any other method," Adobe said in a statement on the exploit.

The workaround will only work with Windows systems. Protect View currently isn't available on Mac and Linux versions of the software.

To be put at risk of attack users would have to open a PDF carrying the malware using the programs in question. Once opened the hack may not cause any noticeable suspicious activity.

According to Sophos head of technology in Asia Pacific, Paul Ducklin, the exploit works by using a decoy document technique to spread malware.

"The exploit doesn't just take over Reader and use it to inject malware onto your PC, but also reloads Reader with a clean PDF that looks safe and behaves innocently, largely because it is innocent," wrote Ducklin in a blog post.

For Adobe, the news comes following the release of a patch which corrected a similar issue in the Flash platform. Earlier this month, Flash suffered at the hands of a similar zero-day exploit.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
James Dohnert
About

James is a freelance writer and editor. In addition to ClickZ, his work has appeared in publications like V3, The Commonwealth Club, CachedTech.com, and Shonen Jump magazine. He studied Journalism at Weber State University.

More on Privacy
What do you think?
blog comments powered by Disqus
Poll

BYOD vs CYOD vs BYOC poll

Which approach is your firm taking to managing employees' mobile devices?
23%
14%
4%
16%
30%
13%

Popular Threads

Powered by Disqus
Galaxy S5 vs iPhone 5S vs Nexus 5 showdown

Galaxy S5 vs iPhone 5S vs Nexus 5

We speed test three of the most popular smartphones

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv33

Data protection: the key challenges

Deduplication is a foundational technology for efficient backup and recovery

rdc2

iPad makes its mark in the enterprise

The iPad can become a supercharged unified communications endpoint, allowing users to enhance their productivity

eDiscovery Integration Manager / PMO - Zurich

For a bank based in Zürich, we are currently searching...

Application Architect / Technical Lead

Required Skills: * Significant proven experience in...

Project Manager, Contract, Agile, Scrum, London

My client, a FTSE 250 software company based in Central...

IT Operational Readiness

Operational Readiness Manager - Financial Services...
To send to more than one email address, simply separate each address with a comma.