Adobe Systems is planning to release updates Oct. 5 to address vulnerabilities impacting Adobe Reader and Acrobat.
Adobe Systems is patching vulnerabilities
impacting Adobe Reader and Acrobat
to fend off attackers.
Adobe is issuing the
updates Oct. 5, a week ahead of its regular schedule. The first of the
updates addresses a problem in Adobe Flash Player that also affects Reader
versions 9.3.4 and earlier on Windows, Mac and Unix systems and Adobe
Acrobat 9.3.4 and earlier for Windows and Macs.
Adobe patched the flaw on Flash Player earlier in September as attacker began
to actively exploit the vulnerability in the wild.
The company has plans to update Adobe Reader and Acrobat to fix a separate
vulnerability that it first issued an advisory about Sept. 8. The issue is
caused by a boundary error within the font parsing in CoolType.dll and can be
exploited to cause a stack-based buffer overflow by tricking a user into
opening a specially crafted PDF file.
That vulnerability-which affects Adobe Reader versions 9.3.4 and
earlier for Windows, Macintosh and Unix-could cause a crash and potentially
allow an attacker to take control of a vulnerable system. The
vulnerability also affects Acrobat 9.3.4 and earlier for Windows and
Macs, and is being exploited in the wild. For mitigation, Microsoft and
suggested using Microsoft's Enhanced
Mitigation Experience Toolkit 2.0.