Adobe Ships Silent Fix for Critical PDF Reader Flaw
Ryan Naraine writes on eWeek:
Adobe patched a gaping code execution hole in Reader but, inexplicably, has issued no public documentation on the risk severity. More here.
Adobe has released a software fix for what's described simply as "security vulnerabilities" in its ubiquitous Adobe Reader program, but has not issued public documentation on the risk severity.
The absence of a bulletin with details and severity ratings has raised eyebrows in the security research community.
The patch, included in Adobe Reader 8.1.2, plugs at least one known critical issue that allows rigged PDF files to be used in code execution attacks, says Kostya Kortchinsky, a vulnerability researcher at Miami, Florida-based Immunity.