Adobe confirms Reader flaw, advises on workarounds

By Dan Kaplan on Dec 17, 2009 10:13AM

Impacts versions 9.2 and earlier.

Adobe has confirmed a zero-day vulnerability in its Reader and Acrobat software and plans to release a patch on January 12 for the dangerous bug.

According to an advisory issued yesterday, the vulnerability impacts version 9.2 and earlier for Windows, Mac and UNIX platforms. A successful exploit can allow an attacker to crash or take control of a targeted system.

As users await an updated version of the popular PDF management products, the company recommended IT administrators utilize the JavaScript Blacklist Framework, which offers granular control over the execution of specific JavaScript API calls. Individual users, meanwhile, can simply opt to disable JavaScript in Reader and Acrobat by unchecking the "Enable Acrobat JavaScript" option.

In addition, customers can leverage Data Execution Prevention (DEP), a Vista and Windows 7 security feature that prevents an application from executing code in certain memory regions. The functionality also is available on Windows XP Service Pack 3.

Exploits currently are being delivered as a malicious PDF attached to emails, security experts said. So far, the attacks have been fairly targeted, but that is expected to change, especially now that the exploit has been added to the Metasploit framework.
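Because the workarounds above centre on JavaScript in PDFs and the exploits arrive as email attachments, a mail gateway or responder can triage attachments for embedded JavaScript before they reach Reader. The following is an added example, not code from Adobe or the original article; the function names, the verdict policy and the sample bytes are assumptions constructed for illustration.

```python
import re

# PDF names that mean a script is present, or that an action runs on open.
JS_NAMES = {"JS", "JavaScript"}
AUTO_NAMES = {"OpenAction", "AA"}

# A PDF name is "/" plus regular characters; "#xx" is a hex escape in a name.
NAME_RE = re.compile(rb"/((?:#[0-9A-Fa-f]{2}|[^\x00\t\n\f\r ()<>\[\]{}/%#])+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so 'J#61vaScript' compares equal to 'JavaScript'."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count JavaScript-related names in raw PDF bytes and return a verdict.

    Limitation: names inside compressed streams are not visible to this scan.
    """
    counts = {name: 0 for name in JS_NAMES | AUTO_NAMES}
    obfuscated = False
    for match in NAME_RE.finditer(data):
        raw = match.group(1)
        name = decode_name(raw)
        if name in counts:
            counts[name] += 1
            obfuscated = obfuscated or b"#" in raw  # escaped keyword is suspicious
    has_js = any(counts[n] for n in JS_NAMES)
    auto_run = any(counts[n] for n in AUTO_NAMES)
    # Assumed policy: script plus auto-run or name escaping is held for analysis.
    if has_js and (auto_run or obfuscated):
        verdict = "quarantine"
    elif has_js:
        verdict = "review"
    else:
        verdict = "pass"
    return {"counts": counts, "obfuscated": obfuscated, "verdict": verdict}


# Constructed sample inputs (not real attachments): minimal PDF fragments.
PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SCRIPTED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /S /J#61vaScript /JS 4 0 R >>\nendobj\n")

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN), ("scripted", SCRIPTED)):
        print(label, triage_pdf(sample))
```

A "pass" verdict only means no JavaScript names were visible in the raw bytes; it is a triage signal, not proof that a file is safe.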

David Lenoe, a security program manager at Adobe, said in a blog post that users may be helped by their anti-virus vendors.

"Adobe actively shares information about this and other vulnerabilities with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available," he said.

Exploits for the vulnerability began surfacing late last week, though a majority of security solutions were failing to detect the malicious PDFs being used in the ambushes, according to the Shadowserver Foundation, an internet security watchdog.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition