New Adobe Reader, Acrobat Security Flaw Under Attack

Adobe Systems is warning users about a new vulnerability being exploited in the wild.

According to Adobe, the vulnerability can be exploited to "cause a crash and potentially allow an attacker to take control of the affected system." The bug exists in Adobe Reader 9.3.4 and earlier for Windows, Macintosh and Unix systems. It also exists in Adobe Acrobat versions 9.3.4 and earlier for Mac and Windows.

Adobe did not provide technical details on the vulnerability. However, an advisory by Secunia stated that the issue is caused by "a boundary error within the font parsing in CoolType.dll and can be exploited to cause a stack-based buffer overflow by ... tricking a user into opening a specially crafted PDF file."

"Unfortunately, there are no mitigations we can offer," a spokesperson told eWEEK in an e-mail. "However, Adobe is actively sharing information about this vulnerability (and vulnerabilities in general) with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available. As always, Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up-to-date."

Read more -here-

• Google releases emergency fix for new Chrome zero-day flaw
• Disney+, Hulu and Max team up for streaming bundle package
• OpenAI is reportedly working on a search feature for ChatGPT
• TikTok, ByteDance sue to block US law seeking sale or ban of app
• OpenAI partners with Stack Overflow to make models better at coding
• Dropbox breach exposes customer credentials, authentication data