Adobe confirms new flaw, recommends turning off JavaScript

Share this article:
Adobe on Tuesday confirmed that its popular Reader and Acrobat software contains another zero-day vulnerability.

The bug, first reported in an advisory on Security Focus, impacts all supported versions of Reader and Acrobat on the Windows, Macintosh and Linux platforms. Proof-of-concept code is circulating on the internet, but Adobe representatives said they are not aware of any in-the-wild exploits.

"We are working on a development schedule for these updates and will post a timeline as soon as possible," Adobe's David Lenoe said on the company's Product Security Incident Response Team blog.

In the meantime, Lenoe recommended that users disable JavaScript to protect themselves against attacks. He describes how in the blog post.

News of the flaw, which relates to a JavaScript memory corruption error and garnered a "highly critical" rating from Secunia, comes not long after Adobe was forced to deal with a similar bug that was being targeted in active attacks -- but took the software giant weeks to patch. Some observers criticized the company for the delayed disclosure of the bug and the subsequent slow fix, while others recommended using alternative PDF readers, such as Foxit.

"This is not the first time that critical vulnerabilities have been found in Adobe's software," Sophos' Graham Cluley said on Wednesday on his blog. "And there is growing concern that the vendor's dominant market share of the PDF reader market is proving extremely attractive for hackers hellbent on infecting as many PCs as possible."

Adobe representatives defended their stance, saying they did not want to reveal too much information to potential attackers.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Information sharing requires breaking down barriers, White House cyber guru says

Information sharing requires breaking down barriers, White House ...

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via ...

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

Patch for Windows flaw can be bypassed, prompts ...

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.