Experts from a penetration testing and security auditing firm have patched the Adobe Reader file, which contains a vulnerability currently exploited to infect users with malware.The previously unknown flaw was
discovered last week in the wild, where it was being exploited via malicious PDF documents.
Security researchers later revealed that the exploit uses advanced programming techniques in order to bypass the ASLR and DEP code execution prevention technologies included in Windows Vista and 7.
Two days ago Adobe
announced that it will deliver its quarterly Adobe Reader and Acrobat patches, which will address this vulnerability, earlier.
Originally scheduled for October 12, the updates will now ship during the week of October 4, which unfortunately still leaves users exposed to attacks for three more weeks.
"
We've decided to go on and patch this easy vulnerability and protect at least our customers and all other interested people," researchers from a security company called RamzAfzar, said.
"
After initial analysis we've discovered that exploit exists in insecure strcat call located in CoolType.dll," they note.
RamzAfzar team's solution was to bypass the "strcat" function by redirecting calls to "strncat", a more secure alternative.
"
We patched it without having source code in 2 hours and they need 20 days with code, looks odd to me!," one of the experts commented.
The explanation for this might come from the fact that Adobe doesn't one to release an out-of-band patch for this bug alone.
The October 4 updates will most likely also contain fixes for many other vulnerabilities, which the company is still working on.
In addition, before putting new packages out, the vendor has to thoroughly test them in order to make sure that they don't generate stability issues.
Interested users can download the CoolType.dll patched by RamzAfzar from
here and copy it over the one in the Adobe Reader folder. However, It would be sensible to make a backup of the original one first.
Find us on Google+
