We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,713 News Articles

Adobe warns Acrobat users over third-party security patch

Wait for the official patch in October

After warning users earlier this week of a potential security risk in their popular Acrobat PDF software, Adobe is now cautioning users against installing a third-party patch that claims to address the issue. The vulnerability, detailed on Adobe's site, affects all versions of Adobe Acrobat and Reader for various OSes, including Mac OS X, Windows, Linux, and Android.

The third-party patch released yesterday by security firm RamzAfzar was purportedly developed in two hours, and has been released well ahead of the projected October 4th release date for the official Adobe patch.

The Nerdy Details

If you aren't a security nerd, feel free to skip to the next section. Otherwise, read on!

The vulnerability itself is rooted in the use of an unsafe method for memory manipulation, which RamzAfzar claims to have fixed by replacing the insecure calls with code that prevents an attacker from gaining control of a target computer with the exploit.

While Adobe is correct to warn users that installing an unofficially patched DLL containing program code is a risk in itself, the fact remains that the original bug is both embarrassing and costly, considering it is a well-known attack vector in most software and could have easily been prevented.

The function call at the core of the issue is "strcat", which copies data from one memory location to another, but doesn't validate the amount of information to transfer, whereas the revised "strncat" was developed specifically to prevent this sort of vulnerability.

Avoiding the Bug

If you're using Adobe Reader, there's not much you can do to avoid the bug until Adobe releases its update. You can, however, install an alternate PDF reader, such as Foxit Reader for Windows, which will help you avoid attacks on Adobe Reader. Mac users can use Preview, the image viewer bundled with Mac OS X. And we'll let you know about the official Adobe update as soon as it's released.

IDG UK Sites

Top 5 Android tips and tricks for smartphones and tablets

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

BBC using Glasgow 2014 Commonwealth Games to trial 4K/UHD, pan-around video, augmented video and...