Adobe to patch zero-day bugs in Reader by this week
Adobe has promised to release an emergency update for two zero-day vulnerabilities found in its popular Adobe Reader software this week. Hackers are already actively exploiting the security vulnerabilities by sending malformed PDF files in email attachments.
In a terse security advisory over the weekend, Adobe (NASDAQ: ADBE) wrote: "Adobe plans to make available updates for Adobe Reader … during the week of February 18, 2013." Updates will be released for Adobe Reader on multiple platforms including Windows, Mac and Linux operating systems.
The exploit is apparently the first to successfully bypass the sandbox technology introduced by Adobe in Reader X more than two years ago. The technology borrows a page from similar implements found in Google's (NASDAQ: GOOG) Chrome browser and uses technology based on Microsoft's (NASDAQ: MSFT) Practical Windows Sandboxing technology.
A victim of its own success, Adobe Reader's security flaws are not new, despite the company's efforts to update its software regularly. Companies tired of chasing after security problems in Adobe Reader may want to check out three alternatives to Adobe Reader. Alternatively, Adobe recommends that PC users upgrade to Adobe 11 and switch on the Windows-only "Protected View" feature that enables additional defensives on top of its sandbox.
- check out this article at PC Mag