PDF Reader

The next major version of Adobe’s PDF Reader will feature new sandboxing technology aimed at curbing a surge in malicious hacker attacks against the widely deployed software. The security feature, called “Protected Mode,” is similar to the Google Chrome sandbox and Microsoft Office 2010 Protected Viewing Mode, according to Adobe’s security chief Brad Arkin.

Adobe today shipped a critical Reader/Acrobat patch to cover a total of 17 documented vulnerabilities that expose Windows, Mac and UNIX users to malicious hacker attacks. The update, which affects Adobe Reader/Acrobat 9.3.2 (and earlier versions), includes a fix for the outstanding PDF “/Launch” functionality social engineering attack vector that was disclosed by researcher Didier Stevens.

Adobe has set a May 12 date for the delivery of patches to cover a critical zero-day vulnerability in its Adobe Reader 9.1 and Acrobat 9.1 software products.
An official security advisory from Adobe confirms the severity of the vulnerability and reiterates the advice for users to turn off JavaScript as a temporary measure to avoid code execution attacks.  However, customers have started to grumble that Adobe’s mitigation is difficult to implement and, even worse, useless in corporate environments.  Read the full story [zdnet.com]

Adobe has released a security bulletin to patch a “critical” code execution flaw affecting the ubiquitous PDF Reader and Acrobat software.
However, the patch is only available for Adobe Reader 9 and Acrobat 9. Earlier versions of the software are affected by the vulnerability, and by in-the-wild attacks, but Adobe says those fixes are delayed for at least another week.
