On the heels of a Black Hat conference presentation where researcher Charlie Miller provided details of an exploitable vulnerability in Adobe’s PDF Reader software, the company plans to ship an out-of-band patch to ward off malicious hacker attacks.
Miller’s presentation did not include technical details of the flaw but attendees were able to piece together clues to determine that the flaw could lead to code execution attacks with rigged PDF files.
Adobe’s Product Security Incident Response Team (PSIRT) was also able to confirm the issue and prepare an emergency patch that will be released for Adobe Reader and Acrobat during the week of August 16, 2010.
From Adobe’s pre-patch advisory:
This update will resolve critical security issues in Adobe Reader 9.3.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 for Windows and Macintosh, and Adobe Reader 8.2.3 and Acrobat 8.2.3 for Windows and Macintosh, including CVE-2010-2862 which was discussed at the Black Hat USA 2010 security conference on Wednesday, July 28, 2010.
Adobe said it was not aware of any exploits in the wild around any of the vulnerabilities that will be fixed in this out-of-band update.