New Adobe Reader, Acrobat Security Flaw Under Attack

Adobe Reader and Acrobat are vulnerable to a new security flaw being exploited in the wild. The bug could allow system takeovers.

Adobe Systems is warning users about a new vulnerability being exploited in the wild.

According to Adobe, the vulnerability can be exploited to "cause a crash and potentially allow an attacker to take control of the affected system." The bug exists in Adobe Reader 9.3.4 and earlier for Windows, Macintosh and Unix systems. It also exists in Adobe Acrobat versions 9.3.4 and earlier for Mac and Windows.

Adobe did not provide technical details on the vulnerability. However, an advisory by Secunia stated that the issue is caused by "a boundary error within the font parsing in CoolType.dll and can be exploited to cause a stack-based buffer overflow by ... tricking a user into opening a specially crafted PDF file."

"Unfortunately, there are no mitigations we can offer," a spokesperson told eWEEK in an e-mail. "However, Adobe is actively sharing information about this vulnerability (and vulnerabilities in general) with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available. As always, Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up-to-date."

Secunia advised users not to open untrusted files.

Adobe officials did not offer a timeline for when a patch would be available, but said the company would continue to provide users with updated information.