Abobe fixes critical flaws


Abobe fixes critical flaws

Bill Brenner, Senior News Writer

Adobe Systems Inc. has released an update that fixes critical flaws in its popular .pdf viewer that came to light last week, as well as additional flaws reported in recent days.

The update fixes a cross-site

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

scripting (XSS) flaw in versions 7.0.8 and earlier of Adobe Reader and Acrobat that could allow remote attackers to inject arbitrary JavaScript into a browser session, the vendor said in its advisory.

Security vendors like Symantec Corp. issued urgent alerts regarding this flaw, calling it significant and easily exploitable, since Adobe Reader is used by a large segment of the computing population to view .pdf files.

The update also fixes additional flaws reported earlier this week by researcher Piotr Bania.

"Additional vulnerabilities have been identified in versions 7.0.8 and earlier of Adobe Reader and Acrobat that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system," Adobe said of Bania's discoveries. "A malicious file must be loaded in Adobe Reader by the end user for an attacker to exploit these vulnerabilities."

In its analysis of Bania's research, Danish vulnerability clearinghouse Secunia said the problem is an unspecified error that surfaces when the viewer processes .pdf files. "This can be exploited to cause a heap corruption and may allow execution of arbitrary code when a specially-crafted .pdf file is opened," Secunia said.

Adobe urged users to upgrade to version 8 to address the problems.