Article

Adobe working on patch to correct new zero-day flaw

SearchSecurity.com Staff

Adobe Systems Inc. acknowledged a serious zero-day flaw in its Adobe Reader and Acrobat products this week, urging customers to disable JavaScript to mitigate the threat.

    Requires Free Membership to View

SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Few details were released about the coding error. An advisory issued by Danish vulnerability clearinghouse Secunia warned in an .update on the Adobe Reader issue, that the pdf reader contains two memory corruption errors when handling JavaScript. The flaw affects all versions of Adobe Reader and Acrobat running on all platforms, Adobe said.

"We are working on a development schedule for these updates and will post a timeline as soon as possible," Adobe said in an advisory.

Secunia said an attacker could pass a malicious .pdf file to exploit the flaws. "Successful exploitation may allow execution of arbitrary code," Secunia said in its advisory.

So far, Adobe said there have been no reports of the flaw being exploited in the wild. Users can disable JavaScript until a patch is released by unchecking the 'Enable Acrobat JavaScript' option in the preferences menu.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: