Wednesday, August 9, 2017

Adobe patches security flaws in Acrobat and Reader


Adobe has released a set of security updates for Adobe Acrobat and Reader for Windows and Macintosh: the patches include ones for vulnerabilities that could allow an attacker to take control of the affected system, Adobe warned.

For example one vulnerability in Adobe Acrobat Reader DC can be exploited for the purposes of arbitrary code execution.

Uncovered by Cisco Talos researcher Aleksandar Nikolic, the TALOS-2017-0361 / CVE-2017-11263 exploit manifests in the parser program, the software component which takes inputs and builds them into data, in the Acroform parsing functionality used in PDFs.

A specifically crafted PDF document could be designed to trigger this vulnerability and lead the parser to into an unintended state and therefore allow an attacker to access or overwrite memory inside the process for the purposes of arbitrary code execution.

The vulnerability would be triggered by a victim opening the malicious file or accessing a malicious webpage.

Adobe has released a software update that addresses the vulnerability, alongside updates for other vulnerabilities rated critical and important that "could potentially allow an attacker to take control of the affected system".

READ MORE ON CYBER SECURITY



from Latest Topic for ZDNet in... http://ift.tt/2vNvIYY

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.