With new attack released, Adobe to patch next week
- 04 December, 2009 07:36
- Comments
Adobe Systems' security response team is scrambling to fix a newly disclosed bug in its Illustrator software, even as it readies another security patch for next week.
On Tuesday, an unidentified hacker posted a proof of concept attack, showing how the Illustrator vulnerability could be leveraged to run unauthorized software on a victim's computer. Adobe said Tuesday that it was investigating the attack, but it's not clear when the software company will fix the issue.
For this attack to work, the users must open a maliciously crafted Encapsulated PostScript (.eps) file in Illustrator, Adobe said in a blog post.
Because this attack code is now public and available to cyber-criminals, this flaw could become a serious issue.
However, Adobe Director of Product Security Brad Arkin said Tuesday that his team has not yet confirmed that the attack could be used to install a virus on a computer. "We've been able to trigger a crash on at least one version and platform," he said. "As soon as we get all of our details together we'll do an advisory."
Security vendor Secunia says the flaw exists in Illustrator Creative Suite versions 13 and 14, and that other versions of the product may be affected.
Meanwhile, Adobe plans to fix other critical bugs in its Flash Player software on Tuesday. This update is not related to the Illustrator issue and had been previously scheduled, Arkin said.
"As far as we can tell, the [Illustrator] bug has absolutely nothing to do with Flash Player."
Tuesday's Flash Player update falls on the same day that Microsoft is planning to issue six security updates for Windows, Office and Internet Explorer, including a patch for a publicly disclosed vulnerability in Internet Explorer.
Following Tuesday's bug-fixes, Adobe's next set of regularly scheduled security updates for its Reader and Acrobat software are due Jan. 12.
- Bookmark this page
- Share this article
- Got more on this story? Email TechWorld
- Follow TechWorld on twitter
- Proof of concept attack
- Potential Adobe Illustrator CS4 issue - Adobe Product Security Incident Response Team (PSIRT)
- Adobe Illustrator Encapsulated Postscript Parsing Vulnerability - Secunia Advisories - Vulnerability Information - Secunia.com
- The Microsoft Security Response Center (MSRC) : December 2009 Bulletin Release Advance Notification
-
Lenovo ordered to pay €1920 for making French laptop buyer pay for Windows too
-
Wikileaks suspect to face US court-martial
-
Wikileaks suspect to face US court-martial
-
Telstra reports issue with BigPond email accounts
-
Samsung Galaxy S II Android phone
-
Windows 7 for Dummies® Dvd+book Bundle
-
MYOB Software for Dummies 6E Australian Edition
-
Computers for Seniors for Dummies, 2nd Edition
-
Office 2007 for Dummies
-
Excel 2007 All-In-One Desk Reference for Dummies
-
Teach Yourself Visually Windows 7
-
Windows 7 for Dummies®
-
Windows 7 for Seniors for Dummies®
-
Microsoft Office
Get exclusive access to Techworld news, reports & analysis. 
Comments
Post new comment