Adobe promises fixes for latest flaws by next week

The update will cover Windows, Macintosh and Unix platforms

Adobe Systems expects to have patches ready to fix the latest flaws in Acrobat and Reader by next week.

"We are in the process of fixing the issue and expect to make available product updates for the relevant supported Adobe Reader and Acrobat versions and platforms by May 12th," wrote David Lenoe, a security program manager, on Adobe's security blog.

The update will fix the problem in versions 7.x, 8.x and 9.x for Reader and Acrobat on Windows, versions 8.x and 9.x of Reader and Acrobat for Macintosh, and Reader versions 8.x and 9.x for Unix.

It will repair bug CVE-2009-1492, which concerns Adobe's implementation of JavaScript in Reader and Acrobat.

That flaw could allow a hacker to create a malicious PDF file that could allow execution of other arbitrary code.

Attack code was published last week on the SecurityFocus Web site.

Adobe has also identified a second vulnerability in Reader for Unix, CVE-2009-1493. That will also be fixed in the upcoming updates, Lenoe wrote. That flaw doesn't appear to affect Windows or Macintosh, he wrote.

Until the patches come out, people should disable JavaScript in both of the applications. Under the preferences menu of the "edit" function, JavaScript can be de-selected, which would then stop an attack.

Adobe has battled bugs in Reader and Acrobat for some time. The vulnerabilities are valuable to hackers since they can create malicious documents to exploit the flaw and gain control over a computer.

Since PDF files are widely used, there's a higher chance that a victim can be tricked into opening one and ceding control of their computer.

More about: Adobe, Adobe Systems, CGI, SecurityFocus
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Adobe, bugs, exploits and vulnerabilities, javascript, security
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/149/dropbox/

Dropbox

Dropbox is a sharing tool that allows you to synchronize your documents, as well share files with others. It automatically uploads the files to the ...

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia