The Register® — Biting the hand that feeds IT

Adobe scripting flaw unearthed

Browser plug-in peril

Free whitepaper – The starter PKI program

Users are advised to upgrade their Adobe Reader software following the discovery of a potential serious cross-site scripting bug. The vulnerability, which involves Adobe Reader 6.x and Adobe Reader 7.x, means it is possible to execute potential hostile JavaScript code simply by appending it to a PDF's URL.

The flaw, discovered by security researchers Stefano Di Paola and Giorgio Fedon and announced at the Chaos Communication Congress conference in Berlin this week, might be most easily exploited through Adobe Reader browser plug-ins. Users are advised to upgrade to Adobe Reader version 8.0 to defend against attack, or to apply workarounds as suggested by the SANS Institute's Internet Storm Centre here. ®

Free whitepaper – Securing your Microsoft Internet Information Services (MS IIS) web server

Don’t Miss

GoogleGoogle cloud told to encrypt itself

Updated R in RSA wants s in https

thumbs down teaser 75Buggy 'smart meters' open door to power-grid botnet

Grid-burrowing worm only the beginning

Flag ChinaChinese firm hits back at cyberspy claims

Exclusive Huawei welcomes UK.gov backdoor probe

BlockMaster SafeStickBlockMaster SafeStick hardware-encrypted USB drive

Review Tough enough?