Advanced Cyber Security

You are here: SecPoint Cyber Security News

Adobe Reader vulnerable to security flaws

A new vulnerability was discovered in Adobe Reader recently.

Charlie Miller, a security researcher from Independent Security Evaluators, shared his findings during the security conference held by Black Hat in Las Vegas, NV.

The vulnerability turns out to be another font-parsing bug in the PDF reader that was designed by Apple.

It allows malicious code to be executed when altered PDF files are opened.

The previous known vulnerability was used to jailbreak the iPhone.

The new bug, if exploited properly would make Apple phones susceptible to malicious code execution.

Warnings from two anti-virus providers Symantec and McAfee provided a more in-depth look at how big this problem actually is.

Although there have been no reports of the new bug being used for nefarious purposes.

Hopefully, Apple would give their take

On the issue in the coming days ahead.

Although they still have yet to comment on this issue.

Adobe Senior Director Brad Arkin of product security and privacy confirms that the vulnerability exists.

It was confirmed by the security team of Adobe which attended the presentation of Miller and validated his findings.

Adobe is now working on the patch but is yet to announce when and how the update will be released.

The Adobe security team is still in the process of evaluating whether the talk of Miller was enough to have the vulnerability exploited and necessitate an earlier patch rollout.

Since there have yet to be reports of anyone exploiting the bug, the fix may include in the succeeding rollouts. 

This is the latest documented security vulnerability in Adobe Reader that affects not only Apple but also versions of Windows, OS X, and UNIX platforms.

These vulnerabilities put machines at risk from malware that steals sensitive information such as usernames, passwords, and more.

Miller used the security tool BitBlaze, software that aids in the analysis of crash bugs, to discuss the unpatched bug in his slide presentation.

The software was so useful that it helped Miller better understand other security vulnerabilities such as those found in OpenOffice.