An Adobe patch for a well-publicized bug in the company's Reader PDF software doesn't fix the vulnerability, the security researcher who uncovered the flaw confirmed.

Last Tuesday, Adobe shipped an update for Reader and Acrobat, its popular PDF-viewing and -creation programs, that patched 17 vulnerabilities, including a design issue that gave attackers an easy way to con users into running malware. The bug, which was disclosed by Belgian researcher Didier Stevens in late March, allowed hackers to leverage the "/Launch" function, a feature that executes other software from within a PDF document.

When combined with another trick -- Stevens also showed how a Reader warning could be changed to further fool users -- the flaw could be used to dupe users into launching malware masquerading as legitimate software.
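A defender-side check for the "/Launch" feature described above, as an added example that is not from the article, Stevens or Adobe: it flags PDF bytes containing a name that decodes to `Launch`. It assumes the relevant objects are stored uncompressed, and the sample byte strings and function names are constructed for illustration.

```python
import re

# A PDF name is '/' followed by regular characters; since PDF 1.2 any
# character in a name may be written as a '#xx' hex escape, so /L#61unch
# and /Launch are the same name to a PDF reader.
NAME_RE = re.compile(rb"/((?:#[0-9A-Fa-f]{2}|[^\x00\t\n\f\r ()<>\[\]{}/%#])+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> bytes:
    """Resolve '#xx' escapes inside a PDF name (without the leading '/')."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def find_launch_names(data: bytes):
    """Return (offset, raw_name) for each name that decodes to 'Launch'.

    Limitations (assumptions of this sketch): objects inside compressed
    streams are not inflated, and a match inside a literal string is
    reported too, so treat hits as leads for manual review.
    """
    hits = []
    for m in NAME_RE.finditer(data):
        if decode_name(m.group(1)) == b"Launch":
            hits.append((m.start(), m.group(0)))
    return hits


# Constructed sample fragments (not taken from any real document).
SAMPLE_PLAIN = b"1 0 obj\n<< /Type /Action /S /Launch /F (constructed-placeholder) >>\nendobj\n"
SAMPLE_ESCAPED = b"2 0 obj\n<< /S /L#61unch /F (constructed-placeholder) >>\nendobj\n"
SAMPLE_CLEAN = b"3 0 obj\n<< /S /URI /URI (https://example.com/) >>\nendobj\n"

if __name__ == "__main__":
    samples = [("plain", SAMPLE_PLAIN), ("escaped", SAMPLE_ESCAPED), ("clean", SAMPLE_CLEAN)]
    for label, blob in samples:
        print(label, find_launch_names(blob))
```

A hit means the file deserves a closer look before it is opened in a viewer; an empty result on a file with compressed object streams is not conclusive.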

More: http://www.computerworld.com/s/article/9178897/