Adobe Finally Fixes Remote Launch 0-Day

Trailrunner7 sends in this excerpt from Threatpost (Adobe announcement here): "Adobe today shipped a critical Reader/Acrobat patch to cover a total of 17 documented vulnerabilities that expose Windows, Mac, and Unix users to malicious hacker attacks. The update, which affects Adobe Reader/Acrobat 9.3.2 and earlier versions, includes a fix for the outstanding PDF '/Launch' functionality social engineering attack vector that was disclosed by researcher Didier Stevens. As previously reported, Didier created a proof-of-concept PDF file that executes an embedded executable without exploiting any security vulnerabilities. The PDF hack, when combined with clever social engineering techniques, could potentially allow code execution attacks if a user simply opens a rigged PDF file." Relatedly, Brian Krebs blogs about the downsides of Adobe's increasingly Byzantine update process.

Re:Still I don't know

[The MAZZTer]

At first I thought you were just clueless, then I realized you were just a troll, now I'm just confused.

Re:It's not a 0-day anymore....

[vawarayer]

Details in the PDF file attached to this e-mail.

is this distributed through windows update?

[Anonymous Coward]

is it? oh shit