Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe Finally Fixes Remote Launch 0-Day

Posted by kdawson on from the stay-safe-out-there dept.

Trailrunner7 sends in this excerpt from Threatpost (Adobe announcement here): "Adobe today shipped a critical Reader/Acrobat patch to cover a total of 17 documented vulnerabilities that expose Windows, Mac, and Unix users to malicious hacker attacks. The update, which affects Adobe Reader/Acrobat 9.3.2 and earlier versions, includes a fix for the outstanding PDF '/Launch' functionality social engineering attack vector that was disclosed by researcher Didier Stevens. As previously reported, Didier created a proof-of-concept PDF file that executes an embedded executable without exploiting any security vulnerabilities. The PDF hack, when combined with clever social engineering techniques, could potentially allow code execution attacks if a user simply opens a rigged PDF file." Relatedly, Brian Krebs blogs about the downsides of Adobe's increasingly Byzantine update process.

3 of 82 comments (clear)

  1. Re:Still I don't know by The+MAZZTer · · Score: 2, Funny

    At first I thought you were just clueless, then I realized you were just a troll, now I'm just confused.

  2. Re:It's not a 0-day anymore.... by vawarayer · · Score: 5, Funny

    Details in the PDF file attached to this e-mail.

  3. is this distributed through windows update? by Anonymous Coward · · Score: 1, Funny

    is it? oh shit