Adobe confirms new flaw, recommends turning off JavaScript

Share this article:
Adobe on Tuesday confirmed that its popular Reader and Acrobat software contains another zero-day vulnerability.

The bug, first reported in an advisory on Security Focus, impacts all supported versions of Reader and Acrobat on the Windows, Macintosh and Linux platforms. Proof-of-concept code is circulating on the internet, but Adobe representatives said they are not aware of any in-the-wild exploits.

"We are working on a development schedule for these updates and will post a timeline as soon as possible," Adobe's David Lenoe said on the company's Product Security Incident Response Team blog.

In the meantime, Lenoe recommended that users disable JavaScript to protect themselves against attacks. He describes how in the blog post.

News of the flaw, which relates to a JavaScript memory corruption error and garnered a "highly critical" rating from Secunia, comes not long after Adobe was forced to deal with a similar bug that was being targeted in active attacks -- but took the software giant weeks to patch. Some observers criticized the company for the delayed disclosure of the bug and the subsequent slow fix, while others recommended using alternative PDF readers, such as Foxit.

"This is not the first time that critical vulnerabilities have been found in Adobe's software," Sophos' Graham Cluley said on Wednesday on his blog. "And there is growing concern that the vendor's dominant market share of the PDF reader market is proving extremely attractive for hackers hellbent on infecting as many PCs as possible."

Adobe representatives defended their stance, saying they did not want to reveal too much information to potential attackers.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.