Adobe on Tuesday released updates for Reader and Acrobat that plug 17 critical holes, including one being exploited in the wild to take control of computers and one that could be used to launch an attack using social engineering and PDF files.
Adobe warned about the vulnerability being used in attacks, which also affected Flash Player, in early June and plugged the hole in Flash on June 10.
Meanwhile, the PDF vulnerability was made public in late March by security researcher Didier Stevens, who fashioned a proof-of-concept attack that relied on the "/launch" functionality. Another researcher at NitroSecurity took advantage of the same flaw to create a proof-of-concept attack about a week later.
More: http://news.cnet.com/8301-27080_3-20009190-245.html
Adobe warned about the vulnerability being used in attacks, which also affected Flash Player, in early June and plugged the hole in Flash on June 10.
Meanwhile, the PDF vulnerability was made public in late March by security researcher Didier Stevens, who fashioned a proof-of-concept attack that relied on the "/launch" functionality. Another researcher at NitroSecurity took advantage of the same flaw to create a proof-of-concept attack about a week later.
More: http://news.cnet.com/8301-27080_3-20009190-245.html