We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Hacker hits Adobe Illustrator with new attack

Proof-of-concept zero-day attack posted online

Adobe Systems' security response team is scrambling to fix a newly disclosed bug in its Illustrator software, even as it readies another security patch for next week.

On Tuesday, an unidentified hacker posted a proof-of-concept attack, showing how the Illustrator vulnerability could be leveraged to run unauthorised software on a victim's computer. Adobe said Tuesday that it was investigating the attack, but it's not clear when the software company will fix the issue.

For this attack to work, the users must open a maliciously crafted Encapsulated PostScript (.eps) file in Illustrator, Adobe said in a blog post.

Because this attack code is now public and available to cyber-criminals, this flaw could become a serious issue.

However, Adobe Director of Product Security Brad Arkin said on Tuesday that his team has not yet confirmed that the attack could be used to install a virus on a computer. "We've been able to trigger a crash on at least one version and platform," he said. "As soon as we get all of our details together we'll do an advisory."

Security vendor Secunia says the flaw exists in Illustrator Creative Suite versions 13 and 14, and that other versions of the product may be affected.

Meanwhile, Adobe plans to fix other critical bugs in its Flash Player software on Tuesday. This update is not related to the Illustrator issue and had been previously scheduled, Arkin said. "As far as we can tell, the [Illustrator] bug has absolutely nothing to do with Flash Player."

Tuesday's Flash Player update falls on the same day that Microsoft is planning to issue six security updates for Windows, Office and Internet Explorer, including a patch for a publicly disclosed vulnerability in Internet Explorer.

Following Tuesday's bug-fixes, Adobe's next set of regularly scheduled security updates for its Reader and Acrobat software are due Jan. 12.

See more:

PC security advice


IDG UK Sites

iPhone 6 vs Samsung Galaxy S5 comparison review: Apple takes on Samsung once again in smartphone...

IDG UK Sites

Just another opinion about Apple's new iPhone

IDG UK Sites

Intel Xeon E5 v3 Haswell processors review: we check out the fastest chips on the planet

IDG UK Sites

Apple Watch hands-on review | Apple Watch design, spec, features & UK pricing