Adobe PDF flaw gets homebrewed patch
A security researcher has created a homemade patch that could protect Adobe Reader and Acrobat products until a fix is released mid-March.
A researcher for the security firm Sourcefire has published a homemade patch for the flaw which Adobe warned users about last week.
Adobe said at the time that users would have to wait until 11 March for it to release a patch for the flaw, which left users open to malicious PDF files that could be used by attackers to take control of the affected system.
However Lurene Grenier, research engineer at the Sourcefire Vulnerability Research Team, said that the patch (which only worked on Adobe Reader 9) was a replacement DLL that could write over the old version.
She said on the blog: "In the event that you do open a bad PDF file, you should see a pop up with the phrase insufficient data for an image', and nothing will show up. Reader will go on living happily."
However she said that the patch was created using only tools she could find at home, and that there was no guarantee that it would work for all attacks.
According to security research organisation Shadowserver, there have already been targeted attacks that are actively exploiting the flaw. However, disabling JavaScript could mitigate the exploit.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
De proyecto piloto a proyecto que da frutos: estas son las empresas que están viendo resultados reales con agentes de IA
A sign of things to come in software development? Mark Zuckerberg says AI will be doing the work of mid-level engineers this year – and he's not the only big tech exec predicting the end of the profession
Global cyber attacks jumped 44% last year