Adobe Systems has issued emergency updates for its Reader and Acrobat products to address a critical flaw disclosed at the Black Hat conference in July. The updates take Reader to version 9.3.4 and Acrobat to version 8.2.4.
The overflow vulnerability could let hackers execute arbitrary code and was disclosed at Black Hat by Charlie Miller of Independent Security Evaluators. An attacker could use a specially crafted PDF file to corrupt memory. Miller said the vulnerability is related to the way fonts are handled in PDF files.
Adobe's updates also fix six Flash Player vulnerabilities that could be used to take control of a PC. Although no exploits have been reported, Adobe decided not to wait for its next scheduled quarterly update on Oct. 12.
The Reader update is for Windows, Mac and Linux, while the Acrobat update is for Windows and Mac. They can be downloaded from Adobe or applied by the Update command in Reader and Acrobat.
Security company Secunia urged users to install the updates immediately. In the meantime, it said, users should be careful about opening PDF files from unknown sources.
Posted: 2010-08-25 @ 8:43am PT
How do I discover the updated/fixed Flash Player? All I can find is Flash 10.1 on Adobe's download site - which looked exactly like it did before this news. I see a Shockwave bulletin - but nothing about Flash Player. ?!?!
Posted: 2010-08-21 @ 2:36pm PT
This is horrible because I am unable to download the Adobe Flash Player 10.1 update recently. It keeps referring to the ActiveX (DLM) install, and yet I still cannot download it nor view any interactive websites, etc! Additionally, I "cannot System Restore." ?