satsmo
30th April, 2009, 12:47 PM
Adobe has issued a security alert about a serious flaw in all shipping versions of its Reader software, affecting PC, Apple and Unix versions.
The flaw, which came to light yesterday, concerns Reader's execution of JavaScript, and allows attackers to run code on targeted systems or crash the application.
The US Computer Emergency Response Team has also issued a security advisory on the problem, which occurs in the 'getAnnots' JavaScript function.
"All currently supported shipping versions of Adobe Reader and Acrobat (Adobe Reader and Acrobat 9.1, 8.1.4, and 7.1.1 and earlier versions) are vulnerable to this issue," said Adobe in a blog post.
"Adobe plans to provide updates for all supported versions for all platforms (Windows, Macintosh and Unix) to resolve this issue."
The company has given no timeline for the release of a patch, but has said that no exploits have yet been seen in the wild.
Source: Adobe admits to flaw in all versions of Reader - vnunet.com (http://www.vnunet.com/vnunet/news/2241445/adobe-admits-flaw-forms-reader)
The flaw, which came to light yesterday, concerns Reader's execution of JavaScript, and allows attackers to run code on targeted systems or crash the application.
The US Computer Emergency Response Team has also issued a security advisory on the problem, which occurs in the 'getAnnots' JavaScript function.
"All currently supported shipping versions of Adobe Reader and Acrobat (Adobe Reader and Acrobat 9.1, 8.1.4, and 7.1.1 and earlier versions) are vulnerable to this issue," said Adobe in a blog post.
"Adobe plans to provide updates for all supported versions for all platforms (Windows, Macintosh and Unix) to resolve this issue."
The company has given no timeline for the release of a patch, but has said that no exploits have yet been seen in the wild.
Source: Adobe admits to flaw in all versions of Reader - vnunet.com (http://www.vnunet.com/vnunet/news/2241445/adobe-admits-flaw-forms-reader)