Adobe to issue fix for font parsing vulnerability in Reader

Posted on Friday, August 06 2010 @ 14:05 CEST by Thomas De Maesschalck
Adobe announced that out-of-band security updates for Adobe Reader and Acrobat will be released during the week of August 16th. The updates will fix a vulnerability that enables attackers to execute arbitrary code on your system by creating a specially crafted TrueType font. The vulnerability is identical to the one in Apple's iOS 4 browser, which is used to jailbreak the iPhone 4.
Adobe is planning to release updates for Adobe Reader 9.3.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 for Windows and Macintosh, and Adobe Reader 8.2.3 and Acrobat 8.2.3 for Windows and Macintosh to resolve critical security issues, including CVE-2010-2862 which was discussed at the Black Hat USA 2010 security conference on Wednesday, July 28, 2010. Adobe expects to make these updates available during the week of August 16, 2010.

Note that these updates represent an out-of-band release. Adobe is currently scheduled to release the next quarterly security update for Adobe Reader and Acrobat on October 12, 2010.

