Researchers have uncovered an extremely serious security flaw in Adobe’s popular Illustrator graphics program.
Found by Ernst & Young vulnerability expert and sometime blogger Nathan McFeters, the unpatched problem in Illustrator has garnered a “highly critical” ranking from Secunia, among others; the ranking is Secunia’s most severe vulnerability rating.
According to the researchers, the vulnerabilities stem from unspecified errors that occur when the graphics program processes files created using Illustrator. They can possibly be exploited remotely to execute arbitrary code by tricking a user into opening a specially crafted Illustrator file.
The vulnerabilities have been confirmed in Adobe Illustrator CS2 for Macintosh, but Adobe Illustrator CS3 and the upcoming CS4 iterations of the product are reportedly not affected.
In a related advisory, Adobe recommended that its customers exercise caution when receiving unsolicited or suspicious files, and said it is not aware of any attacks in the wild that prey on the flaw.
The company reported third-quarter earnings that easily topped analysts’ estimates on Sept. 16, and cited the launch of CS4 as one of its major landmarks planned for the fourth quarter.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.