Adobe has launched a set of security updates for Adobe Acrobat and Reader for windows and Mac, patching vulnerabilities that could enable an attacker to take handle of the affected equipment.
One vulnerability in Adobe Acrobat Reader DC can also be exploited for the functions of arbitrary code execution, Adobe observed.
Uncovered by using Cisco Talos researcher Aleksandar Nikolic, the TALOS-2017-0361 / CVE-2017-11263 take advantage of manifests in the parser application, the software element which takes inputs and builds them into information, in the Acroform parsing performance used in PDFs.
A especially-crafted PDF document may well be designed to set off this vulnerability and lead the parser to into an unintended state and for this reason enable an attacker to access or overwrite memory inner the technique for the applications of arbitrary code execution.
The vulnerability can be brought on by a sufferer opening the malicious file or accessing a malicious webpage.
Adobe has launched a utility update that addresses the vulnerability, alongside updates for other vulnerabilities rated critical and critical that “might potentially permit an attacker to take control of the affected equipment”.