Adobe PDF flaw gets homebrewed patch
A security researcher has created a homemade patch that could protect Adobe Reader and Acrobat products until a fix is released mid-March.

A researcher for the security firm Sourcefire has published a homemade patch for the flaw which Adobe warned users about last week.
Adobe said at the time that users would have to wait until 11 March for it to release a patch for the flaw, which left users open to malicious PDF files that could be used by attackers to take control of the affected system.
However Lurene Grenier, research engineer at the Sourcefire Vulnerability Research Team, said that the patch (which only worked on Adobe Reader 9) was a replacement DLL that could write over the old version.
She said on the blog: "In the event that you do open a bad PDF file, you should see a pop up with the phrase insufficient data for an image', and nothing will show up. Reader will go on living happily."
However she said that the patch was created using only tools she could find at home, and that there was no guarantee that it would work for all attacks.
According to security research organisation Shadowserver, there have already been targeted attacks that are actively exploiting the flaw. However, disabling JavaScript could mitigate the exploit.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
-
M&S suspends online sales as 'cyber incident' continues
News Marks & Spencer (M&S) has informed customers that all online and app sales have been suspended as the high street retailer battles a ‘cyber incident’.
By Ross Kelly
-
Manners cost nothing, unless you’re using ChatGPT
Opinion Polite users are costing OpenAI millions of dollars each year – but Ps and Qs are a small dent in what ChatGPT could cost the planet
By Ross Kelly
-
Vulnerability management complexity is leaving enterprises at serious risk
News Fragmented data and siloed processes mean remediation is taking too long
By Emma Woollacott
-
The threat prevention buyer's guide
Whitepaper Find the best advanced and file-based threat protection solution for you
By ITPro
-
Beat cyber criminals at their own game
Whitepaper A guide to winning the vulnerability race and protection your organization
By ITPro
-
Supply chain as kill chain
Whitepaper Security in the era Zero Trust
By ITPro
-
Same cyberthreat, different story
Whitepaper How security, risk, and technology asset management teams collaborate to easily manage vulnerabilities
By ITPro
-
Microsoft under fire for “negligent” security practices in scathing critique by industry exec
News Microsoft took more than 90 days to issue a partial fix for a critical Azure vulnerability, researchers found
By Ross Kelly
-
Apple patches zero day linked to spyware campaign
News Kaspersky researchers were the first to report a zero day used in a sophisticated attack chain
By Rory Bathgate
-
Warning issued over “incomplete” fix for Adobe ColdFusion vulnerability
News An incomplete fix for a vulnerability disclosure could be placing users at risk, researchers warned
By Ross Kelly