Adobe Systems expects to have patches ready to fix the
latest flaws in Acrobat and Reader by next week.
“We are in the process of fixing the issue and expect to make available product updates for the relevant supported Adobe Reader and Acrobat versions and platforms by May 12th,” wrote David Lenoe, a security program manager, on
Adobe’s security blog.
The update will fix the problem in versions 7.x, 8.x and 9.x for Reader and Acrobat on Windows, versions 8.x and 9.x of Reader and Acrobat for Macintosh, and Reader versions 8.x and 9.x for Unix. It will repair bug
That flaw could allow a hacker to create a malicious PDF file that could allow execution of other arbitrary code. Attack code was published last week on the
SecurityFocus Web site.
Adobe has also identified a second vulnerability in Reader for Unix,
CVE-2009-1493. That will also be fixed in the upcoming updates, Lenoe wrote. That flaw doesn’t appear to affect Windows or Macintosh, he wrote.
Adobe has battled bugs in Reader and Acrobat for some time. The vulnerabilities are valuable to hackers since they can create malicious documents to exploit the flaw and gain control over a computer. Since PDF files are widely used, there’s a higher chance that a victim can be tricked into opening one and ceding control of their computer.