Adobe Patches Zero-Day Vulnerability

March 10, 2009 – 5:06 PM

Adobe released a patch today for a zero-day vulnerability under attack by hackers.

The patch, available for version 9 of Adobe Reader and Adobe Acrobat, comes a day earlier than the company’s planned release. Patches for earlier versions of the product are still slated for March 18.

The vulnerability is the result of an array indexing error in the processing of JBIG2 streams. Hackers can exploit the bug to corrupt arbitrary memory using a specially-crafted PDF file. If successful, attackers could gain control of a compromised system.

Though security vendors reported attacks may have started as early as January or December, the existence of the vulnerability did not become widely known until last month. Though initial reports indicated disabling JavaScript would solve the issue, it in fact only addressed certain exploits and did not address the underlying vulnerability.


You must be logged in to post a comment.