Adobe Posts Security Fix For Reader, Acrobat

A code injection vulnerability in Adobe Reader and Acrobat 8.1.2 required a quick fix amid reports of an exploit for it in the wild.

Users of Adobe’s Reader and Acrobat products will want to perform an update or upgrade today, depending on the software version they have in place. A JavaScript vulnerability received a Critical rating from Adobe, meriting immediate attention.

“This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system,” Adobe said in its security bulletin. “This update resolves an input validation issue in a JavaScript method that could potentially lead to remote code execution.”

People on versions up to 8.1.2 of Reader and Acrobat may update their products with a security fix, currently available for download. Adobe recommended users of Acrobat and Reader 7 update those products to version 7.1.0.

SecurityFocus noted the Information Security Team of the Johns Hopkins University Applied Physics Laboratory picked up on the problem with Acrobat and Reader. Vulnerable Adobe products fail to adequately sanitize user input to prevent exploitation.

Such sanitization issues have plagued websites all over the Internet. Their ease of exploitation makes them a favorite avenue of attack for malicious types, a problem exacerbated by failure to detect and update vulnerable products before exploits hit.