Adobe: Acrobat Vulnerability Won't Be Resolved Till March

The software behemoth Adobe said that the zero-day security vulnerability, which is affecting the users of Acrobat and Adobe Reader applications, won’t be patched until March.

In its advisory released last week, the company notified its users about a buffer overflow vulnerability in its PDF reader code that could cause the application to crash, which in turn could enable hackers to seize control over the victim’s computer.

The flaw affects Adobe Reader 9 and prior versions, along with Adobe Acrobat Standard, Pro and Pro Extended 9 and prior versions of those applications.

The company is working on providing the security patch for Adobe Reader 9 and Acrobat 9 by March 11; however, the company will roll out patches for the earlier versions of these applications later.

The company warned its users to stay cautious when opening files obtained from untrustworthy sources to avoid falling victim to the flaw.

However, security firms, including the Shadowserver Foundation and Symantec, have asserted that though the flaw is being exploited in the wild, it’s not widespread yet.

Along the same line, Kevin Haley, director for Security Response at Symantec, said in a statement, “We’ve seen it used in only a few small places, so it tells us it’s a targeted attack and someone is not trying to use it in a widespread way”.


Our Comments

Adobe should jump on this one ASAP. The vulnerability has already been exploited according to various reports, and the fact that Acrobat Reader is considered to be a rather safe medium could help hackers gain control of their victims' computers faster than expected.
