We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,585 News Articles

Adobe warns Acrobat users over third-party security patch

Wait for the official patch in October

After warning users earlier this week of a potential security risk in their popular Acrobat PDF software, Adobe is now cautioning users against installing a third-party patch that claims to address the issue. The vulnerability, detailed on Adobe's site, affects all versions of Adobe Acrobat and Reader for various OSes, including Mac OS X, Windows, Linux, and Android.

The third-party patch released yesterday by security firm RamzAfzar was purportedly developed in two hours, and has been released well ahead of the projected October 4th release date for the official Adobe patch.

The Nerdy Details

If you aren't a security nerd, feel free to skip to the next section. Otherwise, read on!

The vulnerability itself is rooted in the use of an unsafe method for memory manipulation, which RamzAfzar claims to have fixed by replacing the insecure calls with code that prevents an attacker from gaining control of a target computer with the exploit.

While Adobe is correct to warn users that installing an unofficially patched DLL containing program code is a risk in itself, the fact remains that the original bug is both embarrassing and costly, considering it is a well-known attack vector in most software and could have easily been prevented.

The function call at the core of the issue is "strcat", which copies data from one memory location to another, but doesn't validate the amount of information to transfer, whereas the revised "strncat" was developed specifically to prevent this sort of vulnerability.

Avoiding the Bug

If you're using Adobe Reader, there's not much you can do to avoid the bug until Adobe releases its update. You can, however, install an alternate PDF reader, such as Foxit Reader for Windows, which will help you avoid attacks on Adobe Reader. Mac users can use Preview, the image viewer bundled with Mac OS X. And we'll let you know about the official Adobe update as soon as it's released.

IDG UK Sites

Samsung Galaxy S6 release date and specs rumours: When will the Galaxy S6 come out?

IDG UK Sites

How to win iTunes Festival 2014 tickets: See Pharrell Williams, Sam Smith, Kylie & more live, for...

IDG UK Sites

Microsoft's all or nothing bet on Windows Phone is the best way forward

IDG UK Sites

Google adds better type rendering to its Chrome browser on Windows