Two New Exploitable Security Holes Plague Adobe
Article by George Norman
On 29 Apr 2009
It has come to light that there are two 0-day security vulnerabilities affecting “all currently supported shipping versions” of Adobe Acrobat and Adobe Reader (this includes the recently released Acrobat 9.1 and Reader 9.1). Proof-of-concept exploit code for the vulnerabilities has been published online, meaning that you need to take steps to protect your system. Until Adobe releases an update, the only viable options are:

1. Turn off JavaScript in Adobe Reader. To do so, follow these steps: launch Adobe Acrobat/Reader -> Edit -> Preferences -> select JavaScript -> uncheck “Enable Acrobat JavaScript” -> click “OK”.
2. Switch to alternate PDF readers. A list is provided here. Keep in mind that you do not need a PDF reader to view PDF documents in Gmail, for example. Also keep in mind that you could convert PDF documents to other formats (for free, online), and open the converted document instead.

Here is what F-Secure, a company that specializes in providing security software solutions, has to say about the security holes: “Two new vulnerabilities have been found in Adobe Reader and are under investigation by Adobe. The vulnerabilities exist in two JavaScript functions; getAnnots() and spell.customDictionaryOpen() and both allow remote code execution. This means they both could be used in targeted attacks and drive-by downloads. There are PoCs (Proof of Concept) available for both vulnerabilities but so far no in-the-wild attacks. We've said it before but it's worth repeating — use an alternative to Adobe Acrobat Reader.”

The security vulnerability has been acknowledged by Adobe: “All currently supported shipping versions of Adobe Reader and Acrobat (Adobe Reader and Acrobat 9.1, 8.1.4, and 7.1.1 and earlier versions) are vulnerable to this issue. Adobe plans to provide updates for all affected versions for all platforms (Windows, Macintosh and Unix) to resolve this issue. We are working on a development schedule for these updates and will post a timeline as soon as possible. We are currently not aware of any reports of exploits in the wild for this issue.”
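
For triaging incoming PDFs while no patch is available, here is an added example (not from the article, F-Secure or Adobe): a Python sketch that reports whether a file declares JavaScript and whether it names either of the two functions F-Secure mentions. The helper names and the sample bytes are constructed for illustration; the sketch only undoes name escapes and Flate compression, so an empty result does not prove a file is safe.

```python
import re
import zlib

# Function names taken from the F-Secure statement quoted in the article.
FLAGGED_CALLS = (b"getAnnots", b"spell.customDictionaryOpen")
JS_KEY_RE = re.compile(rb"/(?:JS|JavaScript)\b")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
HEX_NAME_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_names(data: bytes) -> bytes:
    """Undo #xx escapes in PDF names, so /J#61vaScript reads as /JavaScript."""
    return HEX_NAME_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflated_streams(data: bytes):
    """Yield the contents of each stream that inflates as zlib (FlateDecode)."""
    for match in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates the end-of-line bytes before "endstream".
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # uncompressed, or a filter this sketch does not handle


def triage_pdf(data: bytes) -> dict:
    """Report whether a PDF declares JavaScript and which flagged calls it names."""
    views = [decode_names(v) for v in (data, *inflated_streams(data))]
    return {
        "javascript": any(JS_KEY_RE.search(v) for v in views),
        "flagged_calls": sorted(
            {c.decode() for c in FLAGGED_CALLS if any(c in v for v in views)}
        ),
    }


def build_sample() -> bytes:
    """Constructed PDF-like fragment: escaped name key, Flate-compressed script."""
    script = zlib.compress(b"this.getAnnots(); // constructed, harmless call")
    return (
        b"%PDF-1.7\n1 0 obj\n<< /S /J#61vaScript /JS 2 0 R >>\nendobj\n"
        b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n" + script +
        b"\nendstream\nendobj\n%%EOF\n"
    )


if __name__ == "__main__":
    print(triage_pdf(build_sample()))
```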



Tags: Adobe, JavaScript, Security, F-Secure
About the author: George Norman
George is a news editor.