Critical updates to Adobe Reader and Adobe Acrobat released

Adobe has released updates to Adobe Reader and Adobe Acrobat which patch multiple critical vulnerabilities in the software. The releases also include a new JavaScript whitelisting capability.

According to Adobe, these updates address critical vulnerabilities in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

JavaScript has been a frequently exploited area of PDF in recent years. The new JavaScript whitelisting capability introduced in Adobe Reader and Acrobat X (10.1.2) and 9.5 is designed to prevent such exploitation by allowing JavaScript execution in PDF files based on document trust.

As a result of the new JavaScript whitelisting capability, two additional admin controls have been added to the Preferences section in Adobe Reader and Adobe Acrobat.

JavaScript Lockdown

Provides administrators the ability to lock down all JavaScript execution, except when embedded in trusted documents, and to prevent users from enabling JavaScript from the user interface/preferences.

AdminTrusted Locations

Provides administrators the ability to add trusted locations.

Adobe recommends that users update their software installations immediately to ensure they are protected against these exploits. More information about the new JavaScript whitelisting capabilities can be found on the Adobe Secure Software Engineering Team (ASSET) Blog.

About the Author: Karl De Abrew
