Adobe confirms new flaw, recommends turning off JavaScript

Share this article:
Adobe on Tuesday confirmed that its popular Reader and Acrobat software contains another zero-day vulnerability.

The bug, first reported in an advisory on Security Focus, impacts all supported versions of Reader and Acrobat on the Windows, Macintosh and Linux platforms. Proof-of-concept code is circulating on the internet, but Adobe representatives said they are not aware of any in-the-wild exploits.

"We are working on a development schedule for these updates and will post a timeline as soon as possible," Adobe's David Lenoe said on the company's Product Security Incident Response Team blog.

In the meantime, Lenoe recommended that users disable JavaScript to protect themselves against attacks. He describes how in the blog post.

News of the flaw, which relates to a JavaScript memory corruption error and garnered a "highly critical" rating from Secunia, comes not long after Adobe was forced to deal with a similar bug that was being targeted in active attacks -- but took the software giant weeks to patch. Some observers criticized the company for the delayed disclosure of the bug and the subsequent slow fix, while others recommended using alternative PDF readers, such as Foxit.

"This is not the first time that critical vulnerabilities have been found in Adobe's software," Sophos' Graham Cluley said on Wednesday on his blog. "And there is growing concern that the vendor's dominant market share of the PDF reader market is proving extremely attractive for hackers hellbent on infecting as many PCs as possible."

Adobe representatives defended their stance, saying they did not want to reveal too much information to potential attackers.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.