Adobe News
!

Zero-day PDF Bug - Patched

!

Posted: 10 Mar 2009 07:51 PM PDT

Adobe release a patch today from a critical vulnerability in its PDF editing and viewing software.

“Today, we posted the Adobe Reader 9.1 and Acrobat 9.1 update, which resolves the recent JBIG2 security issue, including the ‘no-click’ variant of the vulnerability,” said David Lenoe, Adobe’s security program manager.

The ‘no-click’ variant does not rely on a user to open a malformed PDF file. It has been demonstrated that the flaw can be exploited just by letting Windows Explorer read the file automatically such as its title.

Source: COMPUTERWORLD

Adobe Illustrator Zero-Day Bug

!
An exploit code has been released about manipulating Encapsulated Postscript Files (.eps) files. The attack triggers a memory corruption bug.

Illustrator CS3 13.0.0 and CS4 14.0.0 are affected according to Secunia, a security notification firm. Other versions of the vector graphics editor may also be affected.

Adobe is currently investigating the issue. It’s delayed quarterly patch update is due in two days. A fix for a critical flaw in its Flash player is also expected in Tuesday.

Source: The Register