Adobe Prepares Patch For Zero-Day PDF Flaw

Adobe Systems is preparing to release an out-of-band patch to fix a critical vulnerability in its Acrobat and Reader applications.

The flaw was first reported during the Black Hat security conference.

A vulnerability has been found in TrueType, which is capable of allowing a PDF file embedded with a malicious code to run on a computer system.

The flaw was disclosed by Charlie Miller, a security researcher with Independent Security Evaluators during the recent Black Hat conference.

The company wrote on a blog post that the security updates being released for the Acrobat and Reader applications on 16 August, and will also include a patch for the CVE-2010-2862 flaw, unveiled during Black Hat.

Adobe said: “At this time Adobe is not aware of exploits in the wild for any of the issues addressed in this.”

The company added: “These security updates will be made available for Windows, Macintosh and UNIX.”

Topics