Adobe warns of new Reader, Acrobat vulnerability
updated 10:15 am EST, Wed December 16, 2009
Threat an active one, company says
A "critical" security vulnerability has been discovered in all versions of Reader and Acrobat, says Adobe. While the company is not providing many details, it does note that hackers can use the flaw to force a crash, and potentially assume control of an affected system. Unlike many such vulnerabilities, the new one is described as being present in the wild, and not just theoretical.
Security experts suggest that the exploit is connected to Adobe's handling of JavaScript code, and that the simplest way to block an attack is to disable JavaScript within Reader and Acrobat. The action is in fact recommended as a rule, given that a number of other attacks have also been directed through JavaScript. People can alternately avoid problems by only downloading PDF files from trusted sources.
Macs are said to be immune from takeovers at present, but will still crash when opening a malicious PDF. Windows Vista and 7 can likewise limit damage through Data Execution Prevention.
No immediate patches are expected from Adobe, but the company does say it will have one ready by January 12th at the latest.



Fresh-Faced Recruit
Joined: Oct 1999
Vulnerability, Schmulnerability...
WHEN is Adobe going to fix the non-working Acrobat Pro PDF print driver problem in Snow Leopard?