Adobe promises fixes for latest flaws by next week

Adobe Systems expects to have patches ready to fix the latest flaws in Acrobat and Reader by next week.

“We are in the process of fixing the issue and expect to make available product updates for the relevant supported Adobe Reader and Acrobat versions and platforms by May 12th,” wrote David Lenoe, a security program manager, on Adobe’s security blog.

The update will fix the problem in versions 7.x, 8.x and 9.x for Reader and Acrobat on Windows, versions 8.x and 9.x of Reader and Acrobat for Macintosh, and Reader versions 8.x and 9.x for Unix. It will repair bug CVE-2009-1492, which concerns Adobe’s implementation of JavaScript in Reader and Acrobat.

That flaw could allow a hacker to create a malicious PDF file that could allow execution of other arbitrary code. Attack code was published last week on the SecurityFocus Web site.

Adobe has also identified a second vulnerability in Reader for Unix, CVE-2009-1493. That will also be fixed in the upcoming updates, Lenoe wrote. That flaw doesn’t appear to affect Windows or Macintosh, he wrote.

Until the patches come out, people should disable JavaScript in both of the applications. Under the preferences menu of the “edit” function, JavaScript can be de-selected, which would then stop an attack.

Adobe has battled bugs in Reader and Acrobat for some time. The vulnerabilities are valuable to hackers since they can create malicious documents to exploit the flaw and gain control over a computer. Since PDF files are widely used, there’s a higher chance that a victim can be tricked into opening one and ceding control of their computer.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Related Tech News

CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.