Adobe shipped a critical Reader/Acrobat patch to address a total of 17 documented vulnerabilities that expose Windows, Mac and UNIX computer users to malicious hacker attacks.
The update, which affects Adobe Reader/Acrobat 9.3.2 (and earlier versions), includes a fix for the outstanding PDF “/Launch” functionality social engineering attack vector that was disclosed by researcher Didier Stevens.
As previously reported, Didier created a proof-of-concept PDF file that executes an embedded executable without exploiting any security vulnerabilities.
Adobe said in a statement that the newest version prevents misuse of the command:
We added functionality to block any attempts to launch an executable or other harmful objects by default. We also altered the way the existing warning dialog works to thwart the known social engineering attacks.
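For files that may still be opened in unpatched readers, a mail or web gateway can triage PDFs for the "/Launch" action type discussed above. The sketch below is an added example, not code from Adobe or Didier Stevens; the function names and the sample fragment are constructed for illustration, and it assumes unencrypted files whose compressed streams use Flate.

```python
import re
import zlib

# PDF names may hex-escape any character as #xx, so /L#61unch is /Launch.
_NAME = re.compile(rb"/((?:[^\x00\t\n\f\r ()<>\[\]{}/%#]|#[0-9A-Fa-f]{2})+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
_LAUNCH = re.compile(rb"/S\s*/Launch(?![A-Za-z0-9])")
_AUTO = re.compile(rb"/(?:OpenAction|AA)(?![A-Za-z0-9])")


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes inside every PDF name token."""
    def decode(m):
        body = _HEX.sub(lambda h: bytes([int(h.group(1), 16)]), m.group(1))
        return b"/" + body
    return _NAME.sub(decode, data)


def scan_pdf(data: bytes) -> dict:
    """Count Launch actions in the raw file and in Flate-compressed streams."""
    views = [data]
    for m in _STREAM.finditer(data):
        try:
            # decompressobj tolerates the end-of-line bytes before 'endstream'
            views.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate data; other filters are out of scope here
    norm = [normalize_names(v) for v in views]
    return {
        "launch_actions": sum(len(_LAUNCH.findall(v)) for v in norm),
        # True when the file also declares an action that runs without a click
        "auto_trigger": any(_AUTO.search(v) for v in norm),
    }


# Constructed sample fragment (not a complete PDF; the target is a placeholder).
SAMPLE = b"1 0 obj\n<< /OpenAction << /S /L#61unch /F (placeholder) >> >>\nendobj\n"

if __name__ == "__main__":
    print(scan_pdf(SAMPLE))
```

A non-zero `launch_actions` count is a reason to quarantine the file for manual review; a zero count does not clear an encrypted PDF or one using a filter other than Flate.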