Adobe Emergency Patch to be Released Later Today

Adobe will today release a patch for a critical security vulnerability in its popular Reader and Acrobat software. The issue was first identified at the Black Hat security conference in July, and has since remained without a fix.

Adobe noted in early August that the patch would be available this week, well ahead of its next scheduled security release (based on a quarterly timetable) in mid-October.

Reader, Acrobat for Windows and Mac Affected

According to an advisory from Adobe, the patch is meant to fix a number of critical issues affecting Reader 9.3.3 for Windows, Unix and Mac as well as Adobe Acrobat 9.3.3 for Windows and Mac. Similarly patched is Reader 8.2.3 and Acrobat 8.2.3 for Windows and Mac. (Source: cnet.com)

The issue was first discovered by Charlie Miller, an analyst for Independent Security Evaluators.

If users fail to download the patch, there's a chance an exploit will enable the flaw and allow hackers access to infected PCs. The problem is associated with the way Adobe's Acrobat and Reader, PDF (portable document format) viewing programs, handle fonts.

Technically, the flaw is associated with an "integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, [that] allows remote attackers to execute arbitrary code via a TrueType font," says the National Vunerability Database.

Update Immediately, Says Security Firm

Security company Secunia says users of Adobe Acrobat and Reader should take the threat and the patch seriously. It says a hacker using a PDF file infected with a unique TrueType font could exploit Miller's hole, triggering remote access. (Source: eweek.com)

Secunia says all Adobe users should be careful about opening PDF files from unknown sources and install the patch immediately after it becomes available.