Adobe Acrobat Reader is one of the most widely used applications for reading PDF files. Today we will talk about a new vulnerability that Talos has disclosed. Talos produces threat intelligence for Cisco products in order to detect and analyze both emerging and known threats and to protect customers from them.
The vulnerability is tracked as TALOS-2016-259 / CVE-2017-2791. It is an uninitialized memory vulnerability found in Adobe Acrobat Reader DC.
This vulnerability is associated with the JPEG decoder functionality that is embedded in the application. In other words, a specially crafted PDF document that contains a JPEG can be used to trigger it. Once this happens, a heap-based buffer overflow occurs, which can allow remote code execution.
The good news is that Adobe has already fixed this problem in its most recent patch. This is why we suggest that you install or update to the latest Acrobat Reader DC as soon as possible.
We should mention that Adobe is also trying to fix all the bugs in its Flash Player, but these issues never seem to come to an end. Unfortunately for Adobe, the Flash Player will most likely die within a few months, as HTML5 is already getting more and more popular. In fact, HTML5 is already being used by YouTube, which is one of the most popular video websites out there.
We think that Adobe understood the importance of these updates, and it seems that the company is now giving more attention to the bugs in its applications. We think that in the future, problems found in this application will be fixed faster than before.
Are you using Adobe Acrobat Reader DC to open PDF files? Tell us your thoughts about Adobe’s applications and tools!