Two New Exploitable Security Holes Plague Adobe
Article by George Norman
On 29 Apr 2009
It has come to light that there are two 0-day security vulnerabilities affecting “all currently supported shipping versions” of Adobe Acrobat and Adobe Reader (this includes the recently release Acrobat 9.1 and Reader 9.1). Proof-of-concept exploit code regarding the vulnerability has been published online, meaning that you need to take steps in order to protect your system. The only viable options, until Adobe released an update are:

1. Turn off JavaScript in Adobe Reader. In order to accomplish this task you need to follow these steps: launch Adobe Acrobat/Reader -> Edit -> Preferences-> select JavaScript -> Uncheck “Enable Acrobat JavaScript” -> Click “OK”.
2. Switch to alternate PDF readers. A list is provided here. Keep in mind that you do not need a PDF reader to view PDF documents in Gmail, for example. Also keep in mind that you could convert PDF documents to other formats (for free, online), and open the converted document instead.


Here is what F-Secure, company that specializes in providing security software solutions, has to say about the security holes: “Two new vulnerabilities have been found in Adobe Reader and are under investigation by Adobe. The vulnerabilities exist in two JavaScript functions; getAnnots() and spell.customDictionaryOpen() and both allow remote code execution. This means they both could be used in targeted attacks and drive-by downloads. There are PoCs (Proof of Concept) available for both vulnerabilities but so far no in-the-wild attacks. We've said it before but it's worth repeating — use an alternative to Adobe Acrobat Reader.”

The security vulnerability has been acknowledged by Adobe: “All currently supported shipping versions of Adobe Reader and Acrobat (Adobe Reader and Acrobat 9.1, 8.1.4, and 7.1.1 and earlier versions) are vulnerable to this issue. Adobe plans to provide updates for all affected versions for all platforms (Windows, Macintosh and Unix) to resolve this issue. We are working on a development schedule for these updates and will post a timeline as soon as possible. We are currently not aware of any reports of exploits in the wild for this issue.”

Tags: Adobe, JavaScript, Security, F-Secure
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Two New Exploitable Security Holes Plague Adobe
HTML Linking Code