Critical Adobe Reader hole to be patched Thursday

Adobe says it will release emergency fix for hole revealed three weeks ago by security researcher.

Adobe

Adobe will release a patch on Thursday for a critical hole in Reader that was disclosed at the Black Hat conference late last month, the company said on Wednesday.

Adobe had announced on August 5 that the emergency fix was coming this week, in advance of the next quarterly security release, scheduled for October 12.

The security update will resolve an undisclosed number of critical issues in Reader 9.3.3 for Windows, Mac, and Unix; Acrobat 9.3.3 for Windows and Mac; and Reader 8.2.3 and Acrobat 8.2.3 for Windows and Mac, according to Adobe's advisory.

The flaw, which could be exploited to take control of a computer, is related to the way Adobe's PDF (portable document format) reader software handles fonts, said Charlie Miller, principal analyst at Independent Security Evaluators who disclosed the hole at the security conference.

The vulnerability is an "integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, (that) allows remote attackers to execute arbitrary code via a TrueType font," according to the description in the National Vulnerability Database.

 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

HOT ON CNET

Point-and-shoot quality with your phone?

Upgrade your camera photo game with these great additions.