Two New Exploitable Security Holes Plague Adobe
It has come to light that there are two 0-day security vulnerabilities affecting “all currently supported shipping versions” of Adobe Acrobat and Adobe Reader (this includes the recently released Acrobat 9.1 and Reader 9.1). Proof-of-concept exploit code for the vulnerabilities has been published online, meaning that you need to take steps to protect your system. Until Adobe releases an update, the only viable options are:
1. Turn off JavaScript in Adobe Reader. To do this, follow these steps: launch Adobe Acrobat/Reader -> Edit -> Preferences -> select JavaScript -> uncheck “Enable Acrobat JavaScript” -> click “OK”.
2. Switch to alternate PDF readers. A list is provided here. Keep in mind that you do not need a PDF reader to view PDF documents in Gmail, for example. Also keep in mind that you could convert PDF documents to other formats (for free, online), and open the converted document instead.
Here is what F-Secure, a company that specializes in providing security software solutions, has to say about the security holes: “Two new vulnerabilities have been found in Adobe Reader and are under investigation by Adobe. The vulnerabilities exist in two JavaScript functions; getAnnots() and spell.customDictionaryOpen() and both allow remote code execution. This means they both could be used in targeted attacks and drive-by downloads. There are PoCs (Proof of Concept) available for both vulnerabilities but so far no in-the-wild attacks. We've said it before but it's worth repeating — use an alternative to Adobe Acrobat Reader.”
The security vulnerability has been acknowledged by Adobe: “All currently supported shipping versions of Adobe Reader and Acrobat (Adobe Reader and Acrobat 9.1, 8.1.4, and 7.1.1 and earlier versions) are vulnerable to this issue. Adobe plans to provide updates for all affected versions for all platforms (Windows, Macintosh and Unix) to resolve this issue. We are working on a development schedule for these updates and will post a timeline as soon as possible. We are currently not aware of any reports of exploits in the wild for this issue.”
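The following is an added example, not part of the original article or of any Adobe or F-Secure tooling: a Python check that a mail or download gateway could run to flag PDFs that carry JavaScript and reference either of the two functions F-Secure names. The helper names, the needs_review field and the sample documents are constructed for illustration.

```python
import re
import zlib

# Function names taken from the F-Secure statement quoted in the article.
FLAGGED_CALLS = (b"getAnnots", b"customDictionaryOpen")
# PDF dictionary keys that introduce an embedded JavaScript action.
JS_KEYS = (b"/JavaScript", b"/JS")
# Stream bodies sit between the "stream" and "endstream" keywords.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def inflated_streams(data: bytes):
    """Yield the contents of every stream that zlib can inflate."""
    for match in STREAM_RE.finditer(data):
        try:
            # decompressobj ignores the end-of-line bytes left after the body.
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # not Flate-encoded; its raw bytes are scanned anyway


def triage_pdf(data: bytes) -> dict:
    """Report embedded JavaScript and any use of the two flagged calls."""
    bodies = [data, *inflated_streams(data)]
    has_js = any(key in body for body in bodies for key in JS_KEYS)
    calls = sorted({c.decode() for c in FLAGGED_CALLS
                    for body in bodies if c in body})
    return {"has_javascript": has_js, "flagged_calls": calls,
            "needs_review": has_js and bool(calls)}


def build_sample(script: bytes) -> bytes:
    """Constructed PDF-like fragment for the demo, not a complete valid PDF."""
    body = zlib.compress(script)
    return (b"%PDF-1.4\n1 0 obj\n<< /S /JavaScript /JS 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /Filter /FlateDecode /Length "
            + str(len(body)).encode() + b" >>\nstream\n" + body
            + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    # Constructed inputs: harmless one-line scripts, compressed as in a real file.
    print(triage_pdf(build_sample(b"var a = this.getAnnots();")))
    print(triage_pdf(build_sample(b"app.alert('hello');")))
```

A hit is a reason to hold the file for review, not a verdict: getAnnots() is also called by legitimate documents, and scripts stored with other filters or inside encrypted files are not inspected here.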
Tags: Adobe, JavaScript, Security, F-Secure





