05 Aug 2010
Win 7 Ultimate 64-bit. SP1.
Adobe Confirms New Adobe Reader Zero-Day Bug
Adobe has confirmed a zero-day remote code execution vulnerability revealed by a security researcher during the Black Hat security conference last week. The company has yet to decide if it needs to break out of its quarterly update cycle in order to patch it.
The Adobe bug was disclosed by renowned hacker and security researcher Charlie Miller during his Black Hat talk on crash analysis techniques. Miller's presentation focused around a tool called BitBlaze, developed at UC Berkeley, which can be used to significantly decrease the time it takes researchers or developers to analyze if crashes are exploitable or not.
The hacker chose several bugs in Adobe Reader and OpenOffice for its case studies. The examples included two exploitable bugs in Adobe Reader 9.2.0, that were discovered last November and are already fixed, a non-exploitable flaw and a zero-day vulnerability in the latest version of the application.
More - Adobe Confirms New Adobe Reader Zero-Day Bug - Still evaluating if out-of-band patch is necessary - Softpedia
|My System Specs || |