Adobe Systems is releasing an emergency update Aug. 19 to patch critical vulnerabilities, including a bug discussed at the Black Hat security conference.
Adobe Systems announced that it will issue an emergency update on
Aug. 19 to patch a flaw in Reader that was revealed at the Black Hat
security conference.
The update will cover critical bugs affecting Adobe Reader and
Acrobat, including one revealed by Charles Miller, principal
security analyst with consulting firm Independent Security Evaluators,
at the conference last month. The bug is due to an integer overflow
and can be used by attackers to compromise a system.
"Adobe is planning to release updates for Adobe Reader 9.3.3 for
Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 for Windows and
Macintosh, and Adobe Reader 8.2.3 and Acrobat 8.2.3 for Windows and
Macintosh to resolve critical security issues...and the Adobe Flash
Player update as noted in Security Bulletin APSB10-16. Adobe expects to
make these updates available on Thursday August 19, 2010."
According to Secunia, attackers armed with a malicious PDF file
containing a specially crafted TrueType font can exploit the
vulnerability Miller uncovered, and users are advised not to open
untrusted PDF files with the software.
After Aug. 19's out-of-band release, Adobe is currently scheduled to
release the next quarterly security updates for Adobe Reader and
Acrobat on Oct. 12.