Adobe Patches Critical Bugs in Reader, Acrobat
Adobe Systems reports plugging 17 security holes, including one that has been exploited by attackers to infect users.Adobe Systems on June 29 plugged 17 critical security holes affecting Adobe Reader and Acrobat. Among the fixes is a patch for a zero-day vulnerability that impacted not only Reader and Acrobat, but versions of Adobe Flash Player as well, on multiple operating systems. Earlier in June, attackers were seen using the bug to plant backdoor Trojans on vulnerable machines.
Also among the bevy of patches is a fix for a situation demonstrated by security researcher Didier Stevens earlier in 2010, in which a PDF reader's "/launch" command could be abused to run malicious embedded executables.