By Elinor Mills
June 29, 2010
Adobe on Tuesday released updates for Reader and Acrobat that plug 17
critical holes, including one being exploited in the wild to take
control of computers and one that could be used to launch an attack
using social engineering and PDF files.
In early June, Adobe warned that the vulnerability, which also affected
Flash Player, was being used in attacks, and plugged the hole in Flash on
Meanwhile, the PDF vulnerability was made public in late March by
security researcher Didier Stevens, who fashioned a proof-of-concept
attack that relied on the "/launch" functionality. Another researcher at
NitroSecurity took advantage of the same flaw to create a
proof-of-concept attack about a week later.
"We added functionality to block any attempts to launch an executable or
other harmful objects by default," Adobe's Steve Gottwals wrote in a
blog post on Tuesday. "We also altered the way the existing warning
dialog works to thwart the known social engineering attacks."