Adobe promises fixes for Reader and Acrobat
Published: 05 May 2009 17:31 BST
Adobe has said it will issue updates to its Reader and Acrobat products on Tuesday 12 May, in a bid to fix recently discovered critical vulnerabilities.
At the end of April, Adobe issued an advisory warning about a JavaScript flaw in all currently supported versions of Adobe Reader, its popular PDF-viewing software. The vulnerability could let an intruder remotely execute code on a user's machine, causing the application to crash and potentially allowing the attacker to take control of the affected system.
On Friday, David Lenoe from Adobe's Product Security Incident Response Team (PSIRT), blogged that the company was in the process of fixing the issue and said the relevant product updates are scheduled to appear by 12 May.
"Adobe plans to make available Windows updates for Adobe Reader versions 9.X, 8.X, and 7.X and Acrobat versions 9.X, 8.X and 7.X, Macintosh updates for Adobe Reader versions 9.X and 8.X and Acrobat versions 9.X and 8.X, as well as Adobe Reader for Unix versions 9.X and 8.X," Lenoe wrote.
The software maker has also confirmed the existence of another vulnerability, in Adobe Reader for Unix, Lenoe said. That flaw will also be remedied in the scheduled updates for Adobe Reader for Unix, he noted.
Lenoe advised users waiting for the updates to disable JavaScript in Reader and Acrobat in the meantime.
The vulnerabilities are the latest in a string of security flaws found in Adobe's products. In March, Adobe patched a zero-day flaw in Reader that had led to exploits in the wild, while in February it had to issue a patch for a critical vulnerability in the Flash player.
In his post on Friday, Lenoe said that Adobe's security team had been unable to "reproduce an exploitable scenario for Windows and Macintosh", but said it would continue to investigate the issue.
Did you find this article useful?
4 out of 5 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
