Adobe patches security hole in Reader, Acrobat

Last Wednesday, Adobe Systems acknowledged a vulnerability in both Adobe Reader and Acrobat that could be exploited using malware to release sensitive system information. Under certain circumstances, it is possible to discover the existence of local files on an end-user system using XML scripts.

The problem affects versions 7.0 through 7.0.1 and is located within the Adobe Reader control. According to Adobe’s Support Knowledgebase, the impact of the flaw is limited because attackers would need to know complete filenames and paths in advance in order to exploit the vulnerability.

The good news is that Adobe is, as always, on the case. It has already released a 7.0.2 patch for Windows versions of Reader and Acrobat, with a Mac version currently in development. Until that update is available, the Knowledgebase recommends that Mac users of the affected software temporarily disable Acrobat JavaScript to protect their systems. (In Acrobat or Reader, choose Adobe > Preferences > JavaScript and deselect Enable Acrobat JavaScript.)

The available patches can be downloaded from the Adobe web site.


About the Author: Dan Shea
