Friday, October 9, 2009

PDF Pwnage Continues Unabated

"Attackers once again are targeting an unpatched vulnerability in Adobe Reader that allows them to take complete control of a user's computer, the software maker warned.

"Adobe said it planned to patch the critical security bug in Reader and Acrobat 9.1.3 for Windows, Mac and Unix on Tuesday, the date of the company's previously scheduled patch release for the PDF reader. According to Security Focus here, attackers can exploit the vulnerability by tricking a user into opening a booby-trapped PDF file.

"`Successful exploits may allow the attacker to execute arbitrary code in the context of a user running the affected application,` the security site warned. `Failed attempts will likely result in denial-of-service conditions.`

"The bug is presently being exploited in `limited targeted attacks,` Security Focus added, without elaborating. Adobe said only that the attacks target Reader and Adobe running on Windows operating systems."

More at The Register...

No comments: