Adobe acknowledged what it calls a “critical security” flaw, which causes an integer overflow error in the way the PDF reader parses fonts. Miller said this potential exploit can allow for remote code execution, a claim that has also been confirmed by security firm Secunia, which issued its own advisory.
As a result, Adobe is moving quickly to fix the flaw: the company announced it would issue an out-of-band patch the week of August 16, ahead of its regularly scheduled quarterly update that was planned for mid-October.
The patch will update Adobe Reader 9.3.3 for Windows, Mac, and UNIX, in addition to Adobe Acrobat 9.3.3 for Windows and Mac. Also affected by the updates are Adobe Reader 8.2.3 and Adobe Acrobat 8.2.3, both for Windows and Mac.
A spokesperson for Adobe told Infosecurity that the company is not aware of any exploits in the wild concerning these vulnerabilities.