Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The flaw, which came to light yesterday, is the software’s execution of Javascript and allows attackers to ether run code on target systems or crash the application. US-CERT has also issued an advisory on the problem, which occurs in the "getAnnots" JavaScript function.
“All currently supported shipping versions of Adobe Reader and Acrobat (Adobe Reader and Acrobat 9.1, 8.1.4, and 7.1.1 and earlier versions) are vulnerable to this issue,” said Adobe in a blog posting.
“Adobe plans to provide updates for all supported versions for all platforms (Windows, Macintosh and Unix) to resolve this issue.”
The company has given a timeline for the release of a patch but has said that, so far, no exploits have been seen in the wild.
The announcement is embarrassing for Adobe, coming after flaws that appeared last month. Some security experts are now recommending people switch to free alternative readers.
"We've said it before but it's worth repeating — use an alternative to Adobe Acrobat Reader ," said Patrik Runald, a security response manager at F-Secure in the company blog.
“We won't recommend any reader over another as it would be better if people use a wide variety of them. A list of readers can be found here, pdfreaders.org. Others are Foxit, CutePDF, etc.”
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.