Users of Adobe's Reader and Acrobat products will want to perform an update or upgrade today, depending on the software version they have in place. A JavaScript vulnerability received a Critical rating from Adobe, meriting immediate attention.
"This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system," Adobe said in its security bulletin. "This update resolves an input validation issue in a JavaScript method that could potentially lead to remote code execution."
People on versions up to 8.1.2 of Reader and Acrobat may update their products with a security fix, currently available for download. Adobe recommended users of Acrobat and Reader 7 update those products to version 7.1.0.
SecurityFocus noted the Information Security Team of the Johns Hopkins University Applied Physics Laboratory picked up on the problem with Acrobat and Reader. Vulnerable Adobe products fail to adequately sanitize user input to prevent exploitation.
Such sanitization issues have plagued websites all over the Internet. Their ease of exploitation makes them a favorite avenue of attack for malicious types, a problem exacerbated by failure to detect and update vulnerable products before exploits hit.
Adobe in the Feed Reader RaceRisk Metrics Needed for IT SecurityAdobe Unveils CS 2.3, Teases About CS3Adobe's New and Improved AcrobatSecurity Risk Assessment and Management in Web Application Security Security Awareness BlogWeb Application Security and Sarbanes-Oxley ComplianceAdobe's Photoshop Express LaunchesAdobe Acrobat Connect Commercially AvailableApplication Security - IT Risk Management 
Comments
Adobe
It would be nice for Adobe to explain what the update is before asking a user if they want it or not. Even Microsoft explains the update in fairly simple terms such as "Security Update for ie7". This would probably get more people to click "Update" rather than ignoring Adobe altogether.
www.mbridge.com
Post new comment