The Register® — Biting the hand that feeds IT

Feeds

Adobe patches Reader flaw

PDF flaw affects affect older, infirm package

By John Leyden, 4th November 2008
  • print
  • alert

Customer Success Testimonial: Recovery is Everything

Security watchers are warning of a critical flaw affecting older versions of Adobe Reader.

Hackers might be able to exploit the bug using specially crafted pdf files with JavaScript content, Core Security warns. Ivan Arce, CTO at Core Security, said the security bug was discovered while investigating a previously disclosed problem in Foxit, an alternative pdf viewer package.

Successful exploitation against the Adobe Reader flaw would involve tricking users into opening a laced pdf file. The flaw only affects users of Adobe Reader 8, which was replaced by Adobe Reader 9 in June 2008. Nonetheless Core argues that many users are still running older versions of the software and are therefore at risk of attack.

Adobe has issued a security patch to fix the flaw, which affects versions 8.1.2 and below of Adobe Reader. If applying the update isn't immediately possible then disabling Javascript functionality should suffice as a workaround. ®

Ensure Ease of Recovery with Asigra’s Agentless Software

COMMENTS

House Rules Send Corrections
All Reader Comments (5)
Latest Comments
Matt Hines

Core security Vulnerability Advisory

Here's a link to the actual Core Security vulnerability advisory on the CoreLabs homepage: http://www.coresecurity.com/content/adobe-reader-buffer-overflow .

0
0
Vlad

Acrobat reader alternative?

I agree with AC's comments on Acrobat Reader bloat. I'm also sick of getting pop-up reminders about updates every time I open a PDF (and that's with a recent version of the program). Fair enough, it's good to know that they're offering updates to improve security, but as far as I know it's not possible to set the program to check for updates only once a month or so. I'm going to give an alternative - PDF Xchange Viewer a try.

0
0
Doug Glass

Why Worry...

...Be happy. Get rid of Adobe Reader and get Foxit Reader. Free, works beautifully, lasts a long time. Well, for Windows.

0
0

More from The Register

breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving
15
Panda-peddlers cuffed for chess gambling gambit
More porridge on the menu for Chinese coders after second offence
13
breaking news
Yes, maybe we should keep hackers in the clink for YEARS, mulls EU
Watch out black hats, they just might throw away the key
39
Microsoft borks botnet takedown in Citadel snafu
Stupid Redmond kicked over our honeypots, wail white hats
19