Adobe releases emergency patch for Reader and Acrobat

Adobe has released an emergency update that patches at least 17 holes in its Reader and Acrobat applications. Adobe was to release patches on July 13, but since the critical vulnerabilities were actively being exploited, the company released the fixes ahead of time.

The fixes address a vulnerability in Windows, Mac, and Linux versions of the reader that allows hackers to remotely install malware on end-users’ machines by tricking them into opening a booby-trapped document. The flaw resided in the authplay.dll, AuthPlayLib.bundle, or libauthplay.so.0.0.0 files on Windows, Mac, and Linux machines respectively.

Researcher Didier Stevens had shown that by misusing a feature in the PDF specification, hackers could embed a malicious payload in a document and trick Adobe’s Reader and Acrobat applications (as well as the competing FoxIT Reader) into executing it.

Rajesh had blogged about the “/Launch” attack here. Adobe said it has added code to block any attempts to launch an executable file by default. Moreover they have also altered the way the existing warning dialog appears so as to foil known social-engineering attacks.