After code is released, Adobe Illustrator fix due Jan 8

The zero-day attack was released last week

Nearly a week after an unidentified hacker posted attack code that exploits a flaw in Adobe's Illustrator software, the company says it will fix the issue by Jan. 8.

In a security advisory released Monday, Adobe confirmed that the attack affects versions 3 and 4 of its Illustrator Creative Suite software and said the flaw could give hackers a way to run unauthorized software on a victim's computer.

The attack code, posted last Tuesday, works when a victim opens a specially crafted Encapsulated PostScript (.eps) file in Illustrator. "Adobe categorizes this as a critical issue and recommends that users avoid opening .eps files from unknown or untrusted sources in Illustrator until a patch is available," the company said.

"Adobe plans to make available an update to Adobe Illustrator to resolve the issue by January 8, 2010," the company added in a note on its Web site.

Meanwhile, both Adobe and Microsoft are scheduled to issue critical security patches on Tuesday. Adobe will fix critical flaws in Flash Player. Microsoft is set to fix 12 bugs in a variety of its products, including a critical flaw in Internet Explorer that was publicly disclosed a few weeks ago.

Join the newsletter!

Error: Please check your email address.

Tags security patchexploits and vulnerabilitieszero day exploitadobe illustrator

More about Adobe SystemsCreativeMicrosoftPSA

Show Comments
[]