Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe Finally Fixes Remote Launch 0-Day

Posted by kdawson on from the stay-safe-out-there dept.

Trailrunner7 sends in this excerpt from Threatpost (Adobe announcement here): "Adobe today shipped a critical Reader/Acrobat patch to cover a total of 17 documented vulnerabilities that expose Windows, Mac, and Unix users to malicious hacker attacks. The update, which affects Adobe Reader/Acrobat 9.3.2 and earlier versions, includes a fix for the outstanding PDF '/Launch' functionality social engineering attack vector that was disclosed by researcher Didier Stevens. As previously reported, Didier created a proof-of-concept PDF file that executes an embedded executable without exploiting any security vulnerabilities. The PDF hack, when combined with clever social engineering techniques, could potentially allow code execution attacks if a user simply opens a rigged PDF file." Relatedly, Brian Krebs blogs about the downsides of Adobe's increasingly Byzantine update process.

4 of 82 comments (clear)

  1. Re:It's not a 0-day anymore.... by Anonymous Coward · · Score: -1, Troll

    Obligatory

  2. Still I don't know by s122604 · · Score: -1, Troll

    What was the impact of this on an (otherwise) fully patched ubuntu machine, running flash, but not acrobat(not installed), in a non-admin account.
    I have used my ubuntu machine at home to look at several questionable flash based websites in the last few weeks and want to know if I should format and re-install

    1. Re:Still I don't know by s122604 · · Score: 0, Troll

      Clueless (about this), not a troll, I truly just don't know.

      If I have flash plugins installed, but not acrobat, and I did my browsing in an account without admin privileges, how vulnerable would I have been?
      If you can't answer, perhaps you are clueless as well?

  3. Re:It's not a 0-day anymore.... by tanikaray24 · · Score: 0, Troll

    Thank you all so much for your comments and support http://www.baiyokefactory.com/