Adobe PDF flaw gets homebrewed patch
A security researcher has created a homemade patch that could protect Adobe Reader and Acrobat products until a fix is released mid-March.

A researcher for the security firm Sourcefire has published a homemade patch for the flaw which Adobe warned users about last week.
Adobe said at the time that users would have to wait until 11 March for it to release a patch for the flaw, which left users open to malicious PDF files that could be used by attackers to take control of the affected system.
However Lurene Grenier, research engineer at the Sourcefire Vulnerability Research Team, said that the patch (which only worked on Adobe Reader 9) was a replacement DLL that could write over the old version.
She said on the blog: "In the event that you do open a bad PDF file, you should see a pop up with the phrase insufficient data for an image', and nothing will show up. Reader will go on living happily."
However she said that the patch was created using only tools she could find at home, and that there was no guarantee that it would work for all attacks.
According to security research organisation Shadowserver, there have already been targeted attacks that are actively exploiting the flaw. However, disabling JavaScript could mitigate the exploit.
Get the ITPro. daily newsletter
Sign up today and you will receive a free copy of our Focus Report 2025 - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives

‘If you want to look like a flesh-bound chatbot, then by all means use an AI teleprompter’: Amazon banned candidates from using AI tools during interviews – here’s why you should never use them to secure a job

Businesses must get better at sharing cyber information, urges former GCHQ chief

AI PCs are becoming a no-brainer for IT decision makers