Yet another security flaw surfaces in Adobe Reader

by Lee Mathews (RSS feed) Apr 28th 2009 at 5:00PM

It hasn't been the best couple of weeks for Adobe Reader.

First there was the advice from F-Secure's Mikko Hypponen to stop using Reader and switch to an alternative. Now there's word of a new security flaw that is known to affect versions 8.14 and 9.1 for Linux and could also affect other versions of the program on other operating systems.

The exploit takes advantage of the javascript getAnnots() function in Reader and could, as with its predecessor, allow an attacker to remotely execute arbitrary code.

Even the U.S. Department of Homeland Security is on the case. They advise temporarily disabling javascript as an intermediate fix:

"To disable JavaScript in Adobe Reader, open the General Preferences dialog box. From the Edit-Preferences-JavaScript menu, un-check Enable Acrobat JavaScript."

Adobe has acknowledged the problem in a blog post, though it states nothing more than "we know about it, and we'll have an update once we get more information." Security is serious business. Let's hope Adobe jumps to the pump this time and promptly issues a patch.

[via CNet]

Tags: adobe-reader, exploit, security-flaw

iPhone developer

Groupon - Chicago, IL (3 weeks ago)

See More Relevant Jobs ›

Reader Comments (Page 1 of 1)

Kenn.keeper said 8:29PM on 4-28-2009

Foxit Reader is a better alternative, much faster,,,,,and it's free.
Kenn.....

Quikboy said 9:58PM on 4-28-2009

Is that a surprise?

Has anyone tried using the XPS format? Does it work better than PDF?

sRc said 11:04PM on 4-28-2009

I use XPS format all the time for printing stuff when I dont have a printer connected (which is most of the time), works well enough for me.

visalittleboy said 10:24AM on 4-30-2009

That why sometimes when i launch Adobe Reader, it show up with some errors!

Thanks for info!

Featured Time Waster

The World's Hardest Game 2.0 - Time Waster

So, just how good at time waster games are you? Think you've got the stuff? Well, The World's Hardest Game 2.0 doesn't think you do. Yes, amazingly, it's possible to have a sequel to a game called "The World's Hardest Game". It doesn't seem logically possible, since if the first one was actually the world's hardest, how could another one come along and share the moniker? It made me doubt the name in the first place. That is, until I tried the game. The mechanics of the game are very simple. You are a small red square, ...

View more Time Wasters

Featured Galleries

Defective by Design, London: Protest Pictures

Download Squad at the Crunchies After-Party

Android First-look: Amazon.com MP3 Store

Latest Jobs from Download Squad Jobs

Post a Job

Flickr Pool

www.flickr.com

Download Squad bloggers (30 days)

#	Blogger	Posts	Cmts
1	Jay Hathaway	105	5
2	Lee Mathews	74	20
3	Sebastian Anthony	67	239
4	Brad Linder	35	2
5	Jason Clarke	27	0
6	Paul O'Brien	8	0
7	Victor Agreda, Jr.	6	1
8	Grant Robertson	6	3
9	Dolores Parker	6	2
10	Nik Fletcher	5	0
11	Matt Heerema	3	0
12	John Burke	2	0
13	Download Squad Staff	1	0

More Tech Coverage

Control Shift It's all about the experience
Somewhat Frank Perspectives on tech as it fuses in everyday life
Switched Gadgets, web news and commentary
Urlesque Exposing bits of the web

Download Squad