Adobe confirms new flaw, recommends turning off JavaScript

Share this article:
Adobe on Tuesday confirmed that its popular Reader and Acrobat software contains another zero-day vulnerability.

The bug, first reported in an advisory on Security Focus, impacts all supported versions of Reader and Acrobat on the Windows, Macintosh and Linux platforms. Proof-of-concept code is circulating on the internet, but Adobe representatives said they are not aware of any in-the-wild exploits.

"We are working on a development schedule for these updates and will post a timeline as soon as possible," Adobe's David Lenoe said on the company's Product Security Incident Response Team blog.

In the meantime, Lenoe recommended that users disable JavaScript to protect themselves against attacks. He describes how in the blog post.

News of the flaw, which relates to a JavaScript memory corruption error and garnered a "highly critical" rating from Secunia, comes not long after Adobe was forced to deal with a similar bug that was being targeted in active attacks -- but took the software giant weeks to patch. Some observers criticized the company for the delayed disclosure of the bug and the subsequent slow fix, while others recommended using alternative PDF readers, such as Foxit.

"This is not the first time that critical vulnerabilities have been found in Adobe's software," Sophos' Graham Cluley said on Wednesday on his blog. "And there is growing concern that the vendor's dominant market share of the PDF reader market is proving extremely attractive for hackers hellbent on infecting as many PCs as possible."

Adobe representatives defended their stance, saying they did not want to reveal too much information to potential attackers.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

LEADS Act addresses gov't procedure for requesting data stored abroad

LEADS Act addresses gov't procedure for requesting data ...

Senators introduced the legislation last week as a means of amending the Electronic Communications Privacy Act (ECPA).

Report: Intrustion prevention systems made a comeback in 2013

Report: Intrustion prevention systems made a comeback in ...

A new report indicates that intrusion prevention systems grew 4.2 percent in 2013, with growth predicted to continue.

Mobile device security sacrificed for productivity, study says

Mobile device security sacrificed for productivity, study says

A Ponemon Institute study, sponsored by Raytheon, revealed that employees increasingly use mobile devices for work but cut corners and circumvent security.