Post by: don on April 30, 2009, 03:09:33 PM
From SC Magazine on April 29, 2009:
Adobe on Tuesday confirmed that its popular Reader and Acrobat software contains another zero-day vulnerability.
The bug, first reported in an advisory on Security Focus, impacts all supported versions of Reader and Acrobat on the Windows, Macintosh and Linux platforms. Proof-of-concept code is circulating on the internet, but Adobe representatives said they are not aware of any in-the-wild exploits.
"We are working on a development schedule for these updates and will post a timeline as soon as possible," Adobe's David Lenoe said on the company's Product Security Incident Response Team blog.
"This is not the first time that critical vulnerabilities have been found in Adobe's software," Sophos' Graham Cluley said on Wednesday his blog. "And there is growing concern tha the vendor's dominant market share of the PDF reader market is proving extremely attractive for hackers hellbent on infecting as many PCs as possible."
Adobe representatives defended their stance, saying they did not want to reveal too much information to potential attackers.
Post by: BillV on April 30, 2009, 03:16:09 PM
There was a short string on the GIAC mailing list regarding this as well. Looks like if you need to push out a fix, you can set this key to 0:
Post by: timmedin on April 30, 2009, 11:41:06 PM
Got tired of patching Adobe at work so I switched to FoxIt at home. Seems a little lighter too.
Post by: Ketchup on May 01, 2009, 07:14:43 AM
I agree, Adobe Acrobat is much too bloated and unstable.
Post by: Dark_Knight on May 01, 2009, 10:14:14 AM
The exploit sold for 75K on the Black Market