Adobe has confirmed a zero-day vulnerability in its Reader and Acrobat software and plans to release a patch on January 12 for the dangerous bug.

According to an advisory issued yesterday, the vulnerability impacts version 9.2 and earlier for Windows, Mac and UNIX platforms. A successful exploit can allow an attacker to crash or take control of a targeted system.

As users await an updated version of the popular PDF management products, the company recommended IT administrators utilize the JavaScript Blacklist Framework, which offers granular control over the execution of specific JavaScript API calls. Individual users, meanwhile, simply can opt to disable JavaScript in Reader and Acrobat by unchecking the "Enable Acrobat JavaScript" option. In addition, customers can leverage Data Execution Prevention (DEP), a Vista and Windows 7 security feature that prevents an application from executing code in certain memory regions. The functionality also is available on Windows XP Service Pack 3.

Exploits currently are being delivered as a malicious PDF attached to emails, security experts said. So far, the attacks have been fairly targeted, but that is expected to change, especially now that the exploit has been added to the Metasploit framework.

David Lenoe, a security program manager at Adobe, said in a blog post that users may be helped by their anti-virus vendors.

"Adobe actively shares information about this and other vulnerabilities with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available," he said.

Exploits for the vulnerability began surfacing late last week, though a majority of security solutions were failing to detect the malicious PDFs being used in the ambushes, according to the Shadowserver Foundation, an internet security watchdog.

See original article on scmagazineus.com