Adobe Patches 11 Critical Bugs in Popular Acrobat PDF Reader:
Eleven critical bugs in Adobe’s popular and free PDF reader, Acrobat, open both Windows and macOS users to attacks ranging from an adversary arbitrarily executing commands on a targeted system to data leakage tied to system-read and memory flaws.
In a Tuesday security bulletin, which included patches for all flaws, the company reported that Windows and macOS versions of Acrobat were equally vulnerable. Adobe added, however, that it was not aware of any abuse of the bugs in the wild.
The free Acrobat Reader 2020 and PDF-creation and editing software Acrobat 2020 were among the list of those programs with critical bugs patched. Adobe also patched Acrobat DC, Acrobat DC Reader, Acrobat Reader 2017 and Acrobat 2017. In all, Adobe patched 20 Acrobat bugs, with nine rated important.
Two of the most serious Acrobat vulnerabilities are use-after-free flaws (CVE-2021-28641, CVE-2021-28639) that, in a worst-case scenario, allow an adversary to execute code arbitrarily on targeted systems or just create application crashes.
One of the more interesting critical bugs patched is a type of vulnerability called an “uncontrolled search path element” flaw (CVE-2021-28636). The vulnerability class also goes by the names DLL preloading, insecure library loading and dependency confusion. It’s unclear how the weakness was introduced to Adobe Acrobat.
(Score: 0) by Anonymous Coward on Tuesday July 13, @09:26PM (1 child)
"It’s unclear how the weakness was introduced to Adobe Acrobat."
Same as every backdoor
(Score: 2) by FatPhil on Tuesday July 13, @09:44PM
And before anyone gets smug - 90% of coders are shitty coders. As soon as it became a "career", it attracted droolers. Fortunately, languages were designed that make such programming errors impossible, so the droolers could advance in their careers without their droolerness being found out.
I know I'm God, because every time I pray to him, I find I'm talking to myself.
(Score: 0) by Anonymous Coward on Tuesday July 13, @09:35PM (1 child)
Long ago, Adobe was a great company. If you ever get your hands on any of the PostScript technical manuals (Red Book, Green Book, etc.), they set a high standard for tech writing and typesetting.
Now I use SumatraPDF to display PDF files, and I create PDFs by printing to Bullzip (if PDF export isn't already built into the application). I might have to "secure sign" a PDF once or twice a year and then out comes an old version of Acrobat Reader--that's all I use it for these days.
(Score: 2) by FatPhil on Tuesday July 13, @09:45PM
I know I'm God, because every time I pray to him, I find I'm talking to myself.