JavaScript flaw reported in Adobe Reader
Published: 2009-04-28

The United States' Computer Emergency Readiness Team (US-CERT) warned users of the ubiquitous Adobe Reader to disable the program's use of JavaScript after Adobe warned on Monday that a possible flaw had been found.

In a post to its product security blog, the company said it was investigating reports of a serious flaw in Adobe Reader. While initial reports only stated that a flaw had been found in the Linux version of Adobe Reader, the company updated the post on Tuesday to include Windows and Mac OS X versions as well.

"Adobe plans to provide updates for all affected versions for all platforms — Windows, Macintosh and Unix — to resolve this issue," the company stated on its blog. "We are working on a development schedule for these updates and will post a timeline as soon as possible. We are currently not aware of any reports of exploits in the wild for this issue."

The warnings appear similar to those that forced Adobe to issue a security advisory in February, and a patch the following month, urging users to beware of Reader attacks. Because of their ubiquity, Adobe's Acrobat and Flash software have become popular targets of security researchers, who try to find vulnerabilities to help secure software, and online criminals, who try to exploit the vulnerabilities. The repeated vulnerabilities and the lure of such a large user base have caused at least one security company, F-Secure, to recommend that people use alternate applications.

As a workaround for the problem, the US-CERT recommended that people turn off JavaScript.

"US-CERT encourages users and administrators to disable JavaScript in Adobe Reader to help mitigate the risk," the response group warned in an advisory on Tuesday.

The vulnerability in Adobe Reader was first disclosed through SecurityFocus's Bugtraq database.

Posted by: Robert Lemos
Copyright 2009, SecurityFocus