 |
 |
Security flaw in Adobe Acrobat can compromise OS X computers
|
|
|
|
|
Posting Junkie
Join Date: Jun 2003
Location: Dangling something in the water… of the Arabian Sea
Status:
Offline
|
|
Bugs Bring New Dangers to Acrobat Users
Adobe Systems Inc. has warned of two serious security flaws affecting Windows, Mac OS X and Unix versions of its Acrobat software. The bugs could allow an attacker to execute malicious code on a user's system via a PDF file distributed via e-mail, according to security researchers.
The first flaw affects Version 6.0.2 of Acrobat Reader, according to an advisory posted to the Bugtraq mailing list by security research firm iDefense, which discovered both bugs. Reader incorrectly parses the .etd files used in eBook transactions so that an .etd file containing special code in the "title" or "baseurl" fields can cause an invalid memory access.
This could allow the execution of malicious code with the privileges of the user, iDefense said. An attacker could exploit this bug by sending an e-mail message including either an attached PDF file or a link to the file.
Earlier versions of Acrobat Reader 6 may also be vulnerable, and Adobe Acrobat may also be affected, iDefense said. Adobe has released Version 6.0.3 of both Acrobat and Reader for the Windows and Mac OS X platforms, which fixes the problem.
|
|
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: May 2001
Location: Cambridge UK
Status:
Offline
|
|
They've just pulled the 6.0.3 update...
|
|
|
| |
|
|
|
|
|
|
|
Professional Poster
Join Date: Jan 2003
Status:
Offline
|
|
Thanks for the heads up, Eug. 
|
|
|
| |
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: May 2001
Location: Cupertino, CA
Status:
Offline
|
|
IIRC 6.0.2 was also a security update just released a matter of weeks ago. Maybe the time has come for me to just remove this software from my Mac, since I hardly use it.
(Last edited by itai195; Dec 15, 2004 at 06:00 PM.
)
|
|
|
| |
|
|
|
|
|
|
|
Senior User
Join Date: Apr 2002
Status:
Offline
|
|
Originally posted by itai195:
IIRC 6.0.2 was also a security update just released a matter of weeks ago. Maybe the time has come for me to just remove this software from my Mac, since I hardly use it.
Acrobat 6.0.2 has been out for several months at this point.
|
|
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: Mar 2000
Location: Cambridge
Status:
Offline
|
|
That figures. Personally, I hate Acrobat 6. When I made builds for my college, I'd remove it and put 5 in its place. Version 5 wasn't great, but it didn't suck half as bad, nor did it add a stupid "eBooks" folder into Documents. Man, that sort of thing really burns me.
|
|
|
| |
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: May 2001
Location: Cupertino, CA
Status:
Offline
|
|
Originally posted by ChrisF:
Acrobat 6.0.2 has been out for several months at this point.
Ahh, we are only just now installing it on machines where I work.
|
|
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status:
Offline
|
|
Of course, this 1) only affects the three people who use eBooks, and 2) would still require someone to get off his ass and write malicious code for the Mac, which is a possibility that has always existed but nobody has taken.
|
|
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|
Top
