Critical Adobe Reader hole to be patched Thursday
Adobe says it will release emergency fix for hole revealed three weeks ago by security researcher.
Adobe will release a patch on Thursday for a critical hole in Reader that was disclosed at the Black Hat conference late last month, the company said on Wednesday.
Adobe had said that the emergency fix was coming this week, in advance of the next quarterly security release, scheduled for October 12.
The security update will resolve an undisclosed number of critical issues in Reader 9.3.3 for Windows, Mac, and Unix; Acrobat 9.3.3 for Windows and Mac; and Reader 8.2.3 and Acrobat 8.2.3 for Windows and Mac, according to Adobe's advisory.
The flaw, which could be exploited to take control of a computer, is related to the way Adobe's PDF (portable document format) reader software handles fonts, said Charlie Miller, principal analyst at Independent Security Evaluators, who disclosed the hole at the security conference.
The vulnerability is an "integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, (that) allows remote attackers to execute arbitrary code via a TrueType font," according to the description in the National Vulnerability Database.