Adobe Systems Inc. acknowledged a serious zero-day flaw in its Adobe Reader and Acrobat products this week, urging customers to disable JavaScript to mitigate the threat.
Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
 |
||||
|
|
|||
|
||||
Few details were released about the coding error. An advisory issued by Danish vulnerability clearinghouse Secunia warned in an .update on the Adobe Reader issue, that the pdf reader contains two memory corruption errors when handling JavaScript. The flaw affects all versions of Adobe Reader and Acrobat running on all platforms, Adobe said.
"We are working on a development schedule for these updates and will post a timeline as soon as possible," Adobe said in an advisory.
Secunia said an attacker could pass a malicious .pdf file to exploit the flaws. "Successful exploitation may allow execution of arbitrary code," Secunia said in its advisory.
So far, Adobe said there have been no reports of the flaw being exploited in the wild. Users can disable JavaScript until a patch is released by unchecking the 'Enable Acrobat JavaScript' option in the preferences menu.