All the latest UK technology news, reviews and analysis


Adobe toiling on patch for zero-day flaw in Reader and Acrobat

20 Feb 2013
Adobe headquarters in San Jose

Adobe has confirmed that it is working to patch the zero-day exploit found in its Reader and Acrobat software.

Earlier, security researches had warned of an exploit in the programs which could lead to hackers taking control of affected systems. Adobe reported that a fix for the issue should come sometime during the week of 18 February.

Adobe says that it is working on a patch for the programs on Windows, Mac, and Linux platforms, correcting flaws in Acrobat and Reader software versions nine to 9.5.3.

Until the issue is corrected Adobe recommended that administrators enable Protect View within the program's registry. Protect View is a feature that prevents documents from performing any actions that could put users at risk.

"Enterprise administrators can protect Windows users across their organisation by enabling Protected View in the registry and propagating that setting via GPO or any other method," Adobe said in a statement on the exploit.

The workaround will only work with Windows systems. Protect View currently isn't available on Mac and Linux versions of the software.

To be put at risk of attack users would have to open a PDF carrying the malware using the programs in question. Once opened the hack may not cause any noticeable suspicious activity.

According to Sophos head of technology in Asia Pacific, Paul Ducklin, the exploit works by using a decoy document technique to spread malware.

"The exploit doesn't just take over Reader and use it to inject malware onto your PC, but also reloads Reader with a clean PDF that looks safe and behaves innocently, largely because it is innocent," wrote Ducklin in a blog post.

For Adobe, the news comes following the release of a patch which corrected a similar issue in the Flash platform. Earlier this month, Flash suffered at the hands of a similar zero-day exploit.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
James Dohnert
About

James is a freelance writer and editor. In addition to ClickZ, his work has appeared in publications like V3, The Commonwealth Club, CachedTech.com, and Shonen Jump magazine. He studied Journalism at Weber State University.

More on Privacy
What do you think?
blog comments powered by Disqus
Poll

Windows 7 end of mainstream support

What are your plans for when Microsoft ends mainstream support for Windows 7 in January 2015?
9%
9%
3%
65%
14%

Popular Threads

Powered by Disqus
LG G3 in gold black and white

LG G3 vs Galaxy S5 video

We pit the two Korean firms' flagship smartphones against each other

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Full Stack Web Developer (C#, ASP.NET, MVC, SQL, JS) London

Full Stack Web Developer (C#, ASP.NET, MVC, SQL, JS...

System Administrator (Windows Server, SQL Server, Hyper-V)

System Administrator (Windows, Windows Server, SQL Server...

System Support Officer

South Somerset District Council The Council Offices...

Systems Analyst

Systems Analyst £Competitive + great benefits...
To send to more than one email address, simply separate each address with a comma.