Wednesday, February 06, 2008

Adobe Ships Silent Fix for Critical PDF Reader Flaw

Ryan Naraine writes on eWeek:

Adobe patched a gaping code execution hole in Reader but, inexplicably, has issued no public documentation on the risk severity.

Adobe has released a software fix for what's described simply as "security vulnerabilities" in its ubiquitous Adobe Reader program, but has not issued public documentation on the risk severity.

The absence of a bulletin with details and severity ratings has raised eyebrows in the security research community.

The patch, included in Adobe Reader 8.1.2, plugs at least one known critical issue that allows rigged PDF files to be used in code execution attacks, says Kostya Kortchinsky, a vulnerability researcher at Miami, Florida-based Immunity.

More here.


Post a Comment

<< Home