Core Security issues warning of vulnerability in version 8.1.2 of Adobe Reader on Tuesday on the day a security patch is due to be released by Adobe.
Elinor MillsFormer Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Updated 10:50 a.m. PT with Adobe releasing update and link.
A critical security hole in Adobe Reader could allow an attacker to take control of a computer, according to Core Security Technologies.
The vulnerability affects version 8.1.2 of Reader, Core Security said in a statement issued on Tuesday to coincide with Adobe's planned release of a security update to fix the vulnerability.
The security bulletin was posted early on Tuesday. "Adobe is not aware of any reports of these issues being exploited in the wild," the company wrote in a security blog posting.
Damian Frizza, a CoreLabs researcher, discovered the vulnerability in May while he was investigating a similar vulnerability in a different PDF viewer application called Foxit Reader. Core Security immediately reported the new hole to Adobe.
The complexity of desktop software increases the chances of applications having bugs that result from the implementation of the software, said Ivan Arce, chief technology officer of Core Security.
The fact that both PDF Readers have the same bug indicates that even though vendors are building products with different technologies and code bases, they ought to check for such bugs in their applications when rival software is found to be vulnerable, Arce said.