Adobe warns about PDF software vulnerabilities

Wednesday, 8 February 2012

About | Contact Us | Feedback | Feed

Why large format printing has a future

Even as disaster response teams begins to embrace smaller format devices that make operations more ...

Govt will not fight cyber security war alone

The Internet has transformed the way many advanced societies work, live and play. It has ...

Preview IFSEC 2009

IFSEC, the world’s largest annual security event, returns in 2009 to the NEC Birmingham ...

Earthquakes in Asia: Whole Lotta Shakin’

With the world entering a new cycle of vicious earthquakes, businesses in Asia need to ...

SPOTLIGHT Archive

Print this article

Infosecurity

By Jianggan Li | 2 May 2009

Adobe Systems has acknowledged that all versions of its Acrobat and Adobe Reader, creators and readers of the popular PDF document format, contain two critical vulnerabilities.

View photos

Related Categories

From this Section

NEWS

The company issued a security advisory on its web site, in which it said the first vulnerability “would cause the application to crash and could potentially allow an attacker to take control of the affected system”. This is known to affect the software across all the platforms, including Windows, Mac and Unix.

The second vulnerability, according to the advisory, appears to affect Adobe Reader for Unix only.

The vulnerabilities are known to affect the applications’ JavaScript functions.

Proof-of-concept attack code for both bugs has already been published on the Web.

Stressing that there is no exploit of the vulnerabilities, Adobe says in the statement that it will patch all the affected application. A timetable for the fixes is not yet available.

In the meantime, Adobe recommends its user to disable the JavaScript to mitigate the risk.

Some security experts have urged users to switch PDF viewers while waiting for the patch.

Top of page