bit-tech.net

Acrobat suffers security flaw

Acrobat suffers security flaw

The security flaw affects both Adobe Reader and the professional Acrobat programs.

If you've been prompted to install an Adobe Reader update in the last couple of days, I'd go ahead: it's to fix a rather nasty security bug.

A vulnerability report was made public yesterday concerning Adobe's popular Reader product – specifically, the implementation of Javascript with Acrobat-created documents. The issue is present in all versions of Adobe Reader prior to 8.1.2 Security Update 1 as well as the commercial Acrobat packages used to create PDF files. The bug, discovered by the Information Security team at John Hopkins University's Applied Physics Laboratory, can result in a program crash with the potential to execute arbitrary code. It's a bad one, in other words.

Thankfully, the APL team followed reasonable reporting practices and reported the issue to Adobe; with forewarning about the issue before it becomes common knowledge the company was able to work on a advisory of their own, as well as the all-important patch to render the bug harmless.

Coming less than a month after a similar scripting language flaw was revealed in the Flash Player also produced by Adobe, it's clear that the company is going to have to do a bit of work on its image in the computer security world.

If you don't want to wait for your copy of Adobe Reader to prompt you, links to download updates for all affected versions are available on the Adobe website.

Do you disable Javascript in your office applications by default, or is this something that could have caught you unawares? Share your thoughts over in the forums.

5 Comments

Discuss in the forums Reply
Woodstock 25th June 2008, 11:57 Quote
acrabat is just one big security flaw
DougEdey 25th June 2008, 11:58 Quote
It fails sooo hard, at least with 8 it doesn't stall the browser on Windows when it downloads a PDF. But still REALLY bad.
bowman 25th June 2008, 14:33 Quote
Acrobat Reader is the worst application I've ever used. Ever.

Get Foxit Reader to keep your sanity intact.
Cupboard 25th June 2008, 20:14 Quote
Foxit reader ftw
It doesn't kill my computer! Even my desktop hangs for a while whilst trying to open Acrobat reader
g3n3tiX 25th June 2008, 21:12 Quote
I can't update flash because with versions > 9.0.47 fullscreen video gets 1 fps and 100% cpu usage...
Works fine for the moment with the old version.

Stupid "video acceleration". 've got a x1400 with updated drivers, yet it doesn't work.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums