Critical Adobe Reader hole to be patched Thursday

Adobe says it will release emergency fix for hole revealed three weeks ago by security researcher.

Adobe

Adobe will release a patch on Thursday for a critical hole in Reader that was disclosed at the Black Hat conference late last month, the company said on Wednesday.

Adobe had announced on August 5 that the emergency fix was coming this week, in advance of the next quarterly security release, scheduled for October 12.

The security update will resolve an undisclosed number of critical issues in Reader 9.3.3 for Windows, Mac, and Unix; Acrobat 9.3.3 for Windows and Mac; and Reader 8.2.3 and Acrobat 8.2.3 for Windows and Mac, according to Adobe's advisory.

The flaw, which could be exploited to take control of a computer, is related to the way Adobe's PDF (portable document format) reader software handles fonts, said Charlie Miller, principal analyst at Independent Security Evaluators who disclosed the hole at the security conference.

The vulnerability is an "integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, (that) allows remote attackers to execute arbitrary code via a TrueType font," according to the description in the National Vulnerability Database.

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

NYC taxis to compete with Uber

NYC taxis set to launch an app of their own, one billion people visit Facebook in a day, Chrome sets end date for Flash support and HTC's Vive VR headset gets delayed.

by Jeff Bakalar