Abobe fixes critical flaws

Article

Abobe fixes critical flaws

Bill Brenner, Senior News Writer

Adobe Systems Inc. has released an update that fixes critical flaws in its popular .pdf viewer that came to light last week, as well as additional flaws reported in recent days.

The update fixes a cross-site

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

scripting (XSS) flaw in versions 7.0.8 and earlier of Adobe Reader and Acrobat that could allow remote attackers to inject arbitrary JavaScript into a browser session, the vendor said in its advisory.

Security vendors like Symantec Corp. issued urgent alerts regarding this flaw, calling it significant and easily exploitable, since Adobe Reader is used by a large segment of the computing population to view .pdf files.

The update also fixes additional flaws reported earlier this week by researcher Piotr Bania.

"Additional vulnerabilities have been identified in versions 7.0.8 and earlier of Adobe Reader and Acrobat that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system," Adobe said of Bania's discoveries. "A malicious file must be loaded in Adobe Reader by the end user for an attacker to exploit these vulnerabilities."

In its analysis of Bania's research, Danish vulnerability clearinghouse Secunia said the problem is an unspecified error that surfaces when the viewer processes .pdf files. "This can be exploited to cause a heap corruption and may allow execution of arbitrary code when a specially-crafted .pdf file is opened," Secunia said.

Adobe urged users to upgrade to version 8 to address the problems.